Morning Everyone,

I refer you to MSU's Institutional Data Policy:
https://tech.msu.edu/about/guidelines-policies/msu-institutional-data-policy/

Unpublished research data falls under the 4th category in the above document.

Be sure to check out appendix I as it provides numerous examples of  
confidential data.

And to MSU's current cloud computing policy documents:
https://tech.msu.edu/about/guidelines-policies/cloud-services-appropriate-use/
https://tech.msu.edu/about/guidelines-policies/appropriate-use-google-apps/

Here is an excerpt from the latter:

"The Google Apps/G Suite for Education Agreement provides provisions  
that allow use of FERPA protected data, assuming MSU users properly  
control access.

The Agreement does NOT contain strong enough provisions to allow use  
of Core Apps for most other confidential data types."

If you are not familiar with these policies there is no better time  
than the present to become so.   Or... you can choose to ignore the  
policies and allow your users to wander unguided into the realm of  
personal liability.

Your choice,
bob


Quoting Gary Schrock <[log in to unmask]>:

> Hey folks, I was just wondering if anyone knows whether the cloud storage
> policies have had any revisions lately that I just happened to have not
> heard about.  I recently had a conversation with one of my users that also
> works in a lab in another department that kinda surprised me on the
> recommendations they were getting to use google drive as the storage space
> for their lab data.
>
> Specifically, from the documentation that I can find (and have seen for
> quite a while), the MSU policy is that anything that's considered
> confidential data should not be stored on cloud storage.  Among the many
> examples of what's considered confidential data, the one that always stands
> out to me based on the nature of what we do in our department is
> "Unpublished research data".  As a result, we've always been very careful
> to stress to our users that they shouldn't be using it, and specifically
> not for unpublished research data (which invariably is what they want to
> use it for anyways).  Whether they pay attention to us after that is always
> of course another debate.
>
> However, this person says the recommendation they were getting from another
> department was that they should use google drive to store their research
> data.  And supposedly they were told that MSU's agreement with google
> allows for stuff including FERPA and HIPAA protected data to be on google
> drive.  (In this case, I don't think their data actually falls under either
> of those anyways.)  From what I can find, there is reference to google apps
> being ok for FERPA stuff, but only specifically MSU's educational records.
> The googleapps.msu.edu page specifically then says to avoid any
> confidential data than educational records.
>
> I'm not trying to throw another department's IT staff under the bus, but do
> feel that some clarification would be useful.  Among other things, I'm
> getting told this third party from a user, so I'm entirely willing to
> believe that there's something being lost in translation there.
>
> (I've also always kinda felt that it's better to err on the side of caution
> here.  If something did happen and things got breached, faculty with tenure
> tend to be pretty hard to fire because of something like that.  The IT
> staff that let them get away with doing this in the first place is far more
> easily replaced :). Call it a healthy dose of paranoia.)
>
> Gary
>