The following memo is going to be sent to the Deans, Directors, and Chairs (DDC) list Real Soon Now. As a courtesy to the NAG membership, it is being posted here beforehand (under the assumption that many of you will be asked about it after it is posted to the DDC list). Clearly this notice does not announce a ban on Google Desktop 3, but it is a strong caution. Tom Davis, Director Academic Computing and Network Services ============================================================================= To: Deans, Directors, Chairs From: David Gift, Vice Provost, Libraries, Computing and Technology David Brower, Assistant Vice President for Finance, Chief Financial Officer and Controller Linda Stanford, Associate Provost for Academic Services and University Registrar Subject: Exercise Caution: Google Desktop 3 and Sensitive Information Version 3 of software known as Google Desktop includes a feature called "Search Across Computers" that poses serious privacy and confidentiality concerns. Every MSU unit, and every individual at MSU, should be aware of these concerns and act accordingly. The Search Across Computers tool is intended to help individuals who use multiple computers find documents stored on any of the machines they use. The software indexes the hard drive of each enrolled computer and uploads information to Google's servers. Analysts at Gartner Group and elsewhere advise that institutions should avoid use of Google Desktop 3, or manage its use with extreme care. MSU units and individuals should not install Google Desktop 3 or similar software on any computers that house confidential or sensitive information, including any of the following: 1. Social security number; 2. Credit card number or debit card number, 3. Bank account number, automated clearing house number, or electronic funds transfer account number; 4. Driver's license number; 5. Name, in combination with address and date of birth; 6. Name, in combination with mother's maiden name; 7. Student records that are protected by the Family Educational Rights and Privacy Act (FERPA) or the University's Guidelines Governing Privacy and Release of Student Records; 8. Protected health information under the Health Insurance Portability and Accountability Act (HIPAA); or 9. Research data or results prior to publication or the filing of a patent application. All members of the MSU community should be aware of the need to safeguard sensitive information, and should carefully consider how and where they store or transmit such data, whether on paper, on CD / DVD discs, on port- able key ring devices, on laptop computers, or online.