Google Apps Security Guidelines for UD Faculty and Staff

The University has teamed up with Google to provide the Google Apps for Education (GAE) package customized for the University of Delaware. Google Apps @UDel.edu is a suite of Google applications that support increased collaboration and productivity for exclusive use by UD faculty, staff and students. Google Apps @UDel.edu includes many of the same applications found in the publicly available Google Apps: for example, Gmail, Google Calendar, Google Talk (IM), Google Sites, and Google Docs. These resources are accessible only to those with valid udel.edu accounts.

Faculty, staff, and graduate students can choose to receive their email via Google Apps @UDel.edu; but are not required to do so.

No matter where you choose to read your email, if you have a valid udel.edu email address, you can use the collaboration and productivity applications included in Google Apps @UDel.edu by logging in to Google Apps @UDel.edu. After logging in, you'll see that you have an email account based on Gmail with the same name as your @udel.edu email account. While you can send email from this screen, you won't receive email in Google Apps @UDel.edu unless you opt to make the switch at the University of Delaware network page. For more information, see the Google Apps @UDel.edu FAQs.

The entire UD community will find value in using its advanced communication and collaboration features in support of teaching, learning, research and service.

This document offers some considerations and guidelines as you decide whether or not Google Apps @UDel.edu is an appropriate place for you to work and store documents and email.

Google Apps @UDel.edu can be appropriately used for much UD communication and collaboration when shared with appropriate UD faculty, staff, or students (e.g., on a "need-to-know" basis with required approvals). Google has limited data protection capabilities sufficient for many applications. University employees and others (including graduate students) entrusted with University information must assess the risks of disclosure, loss, modification, availability, and the requirements of Federal laws and regulations (e.g., FERPA and HIPAA), contractual obligations, and grant requirements on their work before moving University information to Google Docs.

• Confidential personally identifiable information (PII) - PII classified as confidential must not be stored on Google Apps @UDel.edu (e.g., Social Security Numbers, credit card numbers, protected health information, or confidential educational records).
• Other sensitive personal or official use only (OUO) information - The University is regulated in many areas. These regulations come with requirements on how data can be accessed and where it can be stored. For example, it is not appropriate to store data regulated by the Health Insurance Portability and Accountability Act (HIPAA) on Google Apps. Some data regulated by the Family Educational Rights and Privacy Act (FERPA) is not appropriate for storage on Google Apps.
• Research - It may be inappropriate to use Google Apps for certain research applications.
  • Human subjects research may involve the collection of private information or a promise of privacy/confidentiality to research participants. It should not be assumed that Google Apps is a secure environment for such data.
  • Research data with restrictions on export or the participation of foreign nationals (e.g., ITAR), restrictions on publication (prior approval or prior review) or that is covered by non-disclosure agreements should not be stored or transmitted using Google Apps, including Gmail. Researchers with questions as to whether or not this limitation applies to their projects should consult the University's Export Regulations at or contact the University Export Compliance Officer.
• Intellectual property (IP)
  • UD IP - Not all IP is of equal value or importance to the University. All UD information, including IP, must be classified and protected according to its importance or risk to the goals and objectives of the unit and University. Google Apps is not suitable for mission critical systems, and depending on your unit's requirements, it may or may not be suitable for your critical information systems.
  • Third-party IP - UD is frequently entrusted with the IP of others as part of collaborative research or in the facilitation of the business of the University. Guidelines on appropriate use and protection of data provided by third-party owners should be consulted to determine if Google Apps information security meets those guidelines.
• Personal use - Google Apps @UDel.edu is a University resource provided to faculty and staff. All University policies apply, including the Policy for Responsible Computing at the University of Delaware.
• Email - When you use Google Apps @UDel.edu, you must follow UD information classification and protection requirements. In short, don't send confidential PII, mission critical IP, passwords, educational, health or financial account information, or contractual or funding agency restricted information in unencrypted email, or e-communications, of any kind.

If you have any questions about whether Google Apps @UDel.edu is an appropriate tool for your collaboration or storage needs, contact your departmental IT administration or the University’s Information Security Office at (302) 831-6000.

Google Apps @UDel.edu is built on a safe, reliable platform. Its security controls, processes, and policies protect against unauthorized access to, alteration of, and disclosure or destruction of your data. Google’s security measures have obtained a SAS 70 Type I attestation and are reviewed regularly. Google has published extensive information about its privacy and security measures, including a security white paper. Links to the white paper, security FAQs, and other resources for learning more about Google privacy and security--including data ownership, sharing and protection.

UD owns and administers its Google Apps @UDel.edu domain; that is, Google provides the base platform, but all of the data on Google Apps @UDel.edu belongs to UD. IT is equipped to fully support Google Apps @UDel.edu: email, Google Groups, creating and sharing documents, mobile access, setting up Web sites.

Google offers Google Apps general webinars to help customers more fully utilize its features. IT offers training on the use of Google Apps @UDel.edu; view the training schedule . For further assistance, view the UD-produced Google Apps documentation, or contact the IT Support Center.

Access Google Apps @UDel.edu with a UDelNet ID and password. After you authenticate through this UD-administered Web portal, a trusted session is formed with Google, you can use all Google Apps @UDel.edu applications. A separate Google password is needed only if you wish to access Google Apps directly, without using the Web portal. The two most common uses of a separate Google password are setting up IMAP access to Gmail or setting up iCal access to Google Calendar. (Note: Your Google password is needed to access Gmail via a smartphone or client-based e-mail program such as Thunderbird or Outlook.) Using UD's Network page, clients can reveal their GAE passwords, or set them to be the same as their UDelNet passwords.