Thursday, September 27, 2007

Re: Archiving email and limiting attachment size (UNCLASSIFIED)

Classification: UNCLASSIFIED=20
Caveats: NONE

It totally agree with you on tablet PCs :-). As to the rest ..... I was
not completely fair, because your use of external email does insulate
the school in purely personal matters. Example: faculty member cheats
on spouse and arranges liaisons through school email system. Spouse
kills faculty member and school gets subpoenaed for the emails. You
have also limited the risk with regard to abuse of access to email by
technical staff. Example: email admin discovers faculty member is being
treated for depression, blabs to other staff about it.

But in any school matter, you have potentially increased your exposure
because you can not enforce your data retention policy and you have no
choice but to involve a third party. This will increase your exposure
in many ways, like "climate". For example, a faculty member sues the
school for sexual harassment. Their lawyers will request all stored
email for your faculty, students and staff and search for sexist remarks
or other discriminatory language, jokes, pictures, etc that help prove
the school had a climate that encouraged the harassment (and it was not
an isolated employee action). Climate becomes the basis of taking down
the entire institution and disallowing the isolated incident argument.
And, where as the school's lawyers are likely assure that the scope of
the search is limited, and battle against grey areas, Google and Yahoo's
involvement will make that more difficult. Texaco, Enron and more have
famously had this employed against them using emails and schools are not
immune either (there are many cases involving hostility to GLBT,
religions, and indifference to violence). Eliminating unnecessary
retention reduces this risk and many others.

Your email strategy has significant cost, administrative and educational
benefits that may out weigh the risks. 99.9% of the time it is not
going to matter, but I think most schools are going to be best off with
school accounts that are for school business only (by policy), and which
you can enforce retention rules on; and encouraging faculty, staff and
students to maintain separate personal accounts for all of their
personal business. Could you have two separate yahoo accounts as well,
certainly, but again it is about your ability to enforce your polices on
the data that is part of your school's business and enabling the
school's control over that data.

_J

___________________________________

Jason Johnson - Program Director
Web Services Branch - Walter Reed Army Medical Center Ingenium (ISO
9001:2000 certified)
Office: 202-782-1047
Cell: 202-262-0516
jason.johnson@ingenium.net
jason.p.johnson2@us.army.mil=20
-----Original Message-----
From: A forum for independent school educators
[mailto:ISED-L@LISTSERV.SYR.EDU] On Behalf Of Greg Kearney
Sent: Thursday, September 27, 2007 9:53 AM
To: ISED-L@LISTSERV.SYR.EDU
Subject: Re: Archiving email and limiting attachment size (UNCLASSIFIED)

I should make it clear that we would never wish to look into a student's
or faculty's personal email account any more than we would want to go
to their homes and read a student's physical mail.

Our data retention policies apply only to materials on school owned
computers. For servers holding student records that is indefinite but we
do have then photographed and stored off site after 7 years. For
financial and fundraising it is five years. For school originated email,
and there is very little of that, 90 days.

Student lab computer are set to destroy anything that is not part of the
basic OS every night. Like I said they had better save their stuff to
their personal pen drives. We do have a policy which lets us look at the
pen drive should we suspect porn or other inappropriate material but we
have never had occasion to do so. This is the same as looking into
lockers.

So if someone come knocking wanting to look at personal email they can
do so at Google, Yahoo or who ever and deal with Google's lawyers but
not the schools.

At some point both students and faculty need to learn to be responsible
for themselves and not expect that the school and it IS staff will be
watching over them all the time. In our case we start that at the very
beginning.

No issued laptops but personal ones are fine, no school email and no
school storage, everyone will learn and be forced to use all three
operating systems. We haven't got into the whole tablet computer thing.
One student has one. In my professional work I have seen a grand total
of two of these in real work setting. They strike me as a gimmick.

Greg
Classification: UNCLASSIFIED=20
Caveats: NONE

[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a Creative Commons license.