220 likes | 404 Views
Google Apps, etc. — Legal and Policy Issues. Steve Worona September 26, 2007. No shaggy-dog photos – Just lawyer jokes. No shaggy-dog photos – Just lawyer jokes. “It depends.”. No shaggy-dog photos – Just lawyer jokes. “It depends.” “What do you want it to be?”.
E N D
Google Apps, etc.—Legal and Policy Issues Steve Worona September 26, 2007
No shaggy-dog photos –Just lawyer jokes • “It depends.”
No shaggy-dog photos –Just lawyer jokes • “It depends.” • “What do you want it to be?”
No shaggy-dog photos –Just lawyer jokes • “It depends.” • “What do you want it to be?” • FUD vs UnFUD • Wow, that’s scary; don’t do it! • If you want to do it, here’s how
No shaggy-dog photos –Just lawyer jokes • “It depends.” • “What do you want it to be?” • FUD vs UnFUD • Wow, that’s scary; don’t do it! • If you want to do it, here’s how • Common issues when outsourcing comes up • FERPA • E-Discovery
FERPA – Background • 1974, aka “The Buckley Amendment” • Limits what you can do with “education records” that you “maintain” • FUD: Don’t tell anyone anything • VT: Think again (or, at least, think) • Plug: Oct. 17 EDUCAUSE Live! (McDonald/Tribbensee) • Plug: Nov. 5 EDUCAUSE Live! (Blythe) • Legal nuances • “Education record” • “Maintain” • Directory info, opt in/out, need-to-know, etc. • Leave it to the lawyers/registrars!
FERPA – Enforcement • FPCO: Family Policy Compliance Office • Leroy Rooker • Your Registrar • FUD: Complete loss of student funding • Since 1974, imposed ___ times
FERPA – Enforcement • FPCO: Family Policy Compliance Office • Leroy Rooker • Your Registrar • FUD: Complete loss of student funding • Since 1974, imposed zero times • UnFUD: Letter from Leroy • You seem to be in violation of FERPA; stop
FERPA – Enforcement • FPCO: Family Policy Compliance Office • Leroy Rooker • Your Registrar • FUD: Complete loss of student funding • Since 1974, imposed zero times • UnFUD: Letter from Leroy • You seem to be in violation of FERPA; stop • FUD: If we do that, some student will sue us
FERPA – Enforcement • FPCO: Family Policy Compliance Office • Leroy Rooker • Your Registrar • FUD: Complete loss of student funding • Since 1974, imposed zero times • UnFUD: Letter from Leroy • You seem to be in violation of FERPA; stop • FUD: If we do that, some student will sue us • UnFUD: Gonzaga v Doe (2002)
FERPA and Outsourcing • Mail as maintained education record (FERPA data) • What do you want the answer to be?
FERPA and Outsourcing • Mail as maintained education record (FERPA data) • What do you want the answer to be? • Mail as vehicle for FERPA-protected data • FUD example: “Notification of grades via email is in violation of FERPA. There is no guarantee of confidentiality on the Internet. The institution would be held responsible if an unauthorized third party gained access, in any manner, to a student’s education record through any electronic transmission method.”
What FPCO Really Says While the law does not prescribe specific methods that should be used to protect education records from unauthorized access or disclosure, the prohibition in FERPA against disclosing or permitting access to education records without consent clearly does not allow an educational agency or institution to leave education records unprotected or subject to access by unauthorized individuals, whether in paper, film, electronic, or any other format. We interpret this prohibition to mean that an educational agency or institution must use physical, technological, administrative and other methods, including training, to protect education records in ways that are reasonable and appropriate to the circumstances in which the information or records are maintained.
FERPA and Outsourcing • Mail as maintained education record (FERPA data) • What do you want the answer to be? • Mail as vehicle for FERPA-protected data • FUD example: “Notification of grades via email is in violation of FERPA. There is no guarantee of confidentiality on the Internet. The institution would be held responsible if an unauthorized third party gained access, in any manner, to a student’s education record through any electronic transmission method.” • UnFUD: Common sense, prudence, notification, …
E-Discovery — Background • New federal rules as of late 2006 • Document, enforce, formalize maintenance and backup standards • Know where all of your corporate data is
E-Discovery — Background • New federal rules as of late 2006 • Document, enforce, formalize maintenance and backup standards • Know where all of your corporate data is • Prepare for “litigation hold”
E-Discovery — Background • New federal rules as of late 2006 • Document, enforce, formalize maintenance and backup standards • Know where all of your corporate data is • Prepare for “litigation hold” • CIO’s: Fear and trepidation in their hearts
E-Discovery — Background • New federal rules as of late 2006 • Document, enforce, formalize maintenance and backup standards • Know where all of your corporate data is • Prepare for “litigation hold” • CIO’s: Fear and trepidation in their hearts • Lawyers: $$$ in their pockets
E-Discovery — Background • New federal rules as of late 2006 • Document, enforce, formalize maintenance and backup standards • Know where all of your corporate data is • Prepare for “litigation hold” • CIO’s: Fear and trepidation in their hearts • Lawyers: $$$ in their pockets • Case law and refinements eagerly awaited
E-Discovery and Outsourcing • First figure out your business practices • Backups • How to treat desktops, home systems • “Customer” vs “corporate” data • Then treat outsourcing in the context of agency • Well-established legal concept • Understood by attorneys on both sides • Contracted terms of relationship and responsibilities • What do you want the answer to be? • FUD: It’s all in flux; let’s wait and see what happens • UnFud: It’s all in flux; no reason not to go ahead