The following memo is going to be sent to the Deans, Directors, and Chairs
(DDC) list Real Soon Now. As a courtesy to the NAG membership, it is being
posted here beforehand (under the assumption that many of you will be asked
about it after it is posted to the DDC list). Clearly this notice does not
announce a ban on Google Desktop 3, but it is a strong caution.
Tom Davis, Director
Academic Computing and Network Services
=============================================================================
To: Deans, Directors, Chairs
From: David Gift, Vice Provost, Libraries, Computing and Technology
David Brower, Assistant Vice President for Finance,
Chief Financial Officer and Controller
Linda Stanford, Associate Provost for Academic Services and
University Registrar
Subject: Exercise Caution: Google Desktop 3 and Sensitive Information
Version 3 of software known as Google Desktop includes a feature called
"Search Across Computers" that poses serious privacy and confidentiality
concerns. Every MSU unit, and every individual at MSU, should be aware of
these concerns and act accordingly.
The Search Across Computers tool is intended to help individuals who use
multiple computers find documents stored on any of the machines they use.
The software indexes the hard drive of each enrolled computer and uploads
information to Google's servers. Analysts at Gartner Group and elsewhere
advise that institutions should avoid use of Google Desktop 3, or manage
its use with extreme care.
MSU units and individuals should not install Google Desktop 3 or similar
software on any computers that house confidential or sensitive information,
including any of the following:
1. Social security number;
2. Credit card number or debit card number,
3. Bank account number, automated clearing house number, or electronic
funds transfer account number;
4. Driver's license number;
5. Name, in combination with address and date of birth;
6. Name, in combination with mother's maiden name;
7. Student records that are protected by the Family Educational Rights
and Privacy Act (FERPA) or the University's Guidelines Governing
Privacy and Release of Student Records;
8. Protected health information under the Health Insurance Portability
and Accountability Act (HIPAA); or
9. Research data or results prior to publication or the filing of a
patent application.
All members of the MSU community should be aware of the need to safeguard
sensitive information, and should carefully consider how and where they
store or transmit such data, whether on paper, on CD / DVD discs, on port-
able key ring devices, on laptop computers, or online.
