Monday, April 23, 2012

Google Apps for Education - Safety and Security


Recently we had a question come across the Google Apps User Group message board about GAFE security and privacy. Here is the list of questions:

1.) Does Google meet HIPPA compliance?
2.) Does Google meet FERPA compliance?
3.) Is an additional encryption tool need for Google email?
4.) If we put children's names and other demographic information on the calendars, is it secure?
5.) If we decide to use the forms and data collection functions of Google, is it secure?
6.) Is there any documentation to support that Google Apps are secure?

The first links to visit are:


I also have a presentation that goes through many of these:  http://goo.gl/nwYc4 

Although I am not a lawyer, here are my direct answers to these questions:

1.) Does Google meet HIPPA compliance? - Most schools are not subject to HIPPA guidelines, these records are instead covered by FERPA: 
2.) Does Google meet FERPA compliance? - Yes, since you control the accounts and are the only one that can see personally identifiable student information - and retain all control over that information. More FERPA references here: http://www.diigo.com/user/hthiele/FERPA
3.) Is an additional encryption tool need for Google email? - No, you just turn on "require https" from the control panel
4.) If we put children's names and other demographic information on the calendars, is it secure? - Yes - just make sure your settings don't shoe that to the outside - share Free/Busy only
5.) If we decide to use the forms and data collection functions of Google, is it secure? - Yes - see #2
6.) Is there any documentation to support that Google Apps are secure? - See the FAQ's http://support.google.com/a/bin/answer.py?hl=en&answer=60762 and the security whitepaper 

0 comments: