Policy 270.05A - Google Services Guidelines for Faculty and Staff

  This Replaces
File: 270.05A 270.05
Date: 8/6/13 1/7/13


ORIGINATOR: Office of Information Technology

SUBJECT: Google Services Guidelines for Faculty and Staff

  1. Introduction
    1. This document addresses UMUC's guidelines for faculty and staff use of Google Apps for Education (GAE) as well as other Google services that are not covered under the UMUC GAE agreement (Google Services).
    2. UMUC provides its faculty and staff GAE services to support the educational and administrative activities of the university, and to serve as a means of official communication by and between users and UMUC.
    3. This document was developed to ensure that these services are used for purposes appropriate to the university's mission.
  2. Google Apps for Education
    1. GAE services are services that fall under the Google Apps for Education agreement and do not require users to agree to separate terms of service or privacy policy.
    2. The GAE services include the following:
      1. Gmail
      2. Google Calendar
      3. Google Groups
      4. Google Talk
      5. Google Docs
      6. Google Drive
      7. Google Sites
      8. Google Video
      9. Google Contacts
    3. The GAE services are subject to change.
  3. Other Google Services
    1. University users accessing other Google services should be aware that this functionality is not covered under the GAE agreement.
    2. These services currently include variety of applications, but the list is subject to change as Google modifies its offerings under the GAE agreement.
    3. Faculty and staff utilizing other non-GAE Google services must be aware that user and content data may be collected and consolidated to be used by Google as permitted under their current policies Google may collect the following data types:
      1. Personal information (name, e-mail address, telephone number and credit card numbers)
      2. Device information (hardware model, operating system, device identifiers, and mobile network information)
      3. Collect and store details of searches or queries made
      4. Telephone log information (calling party, forwarding numbers, duration of calls and types of calls)
      5. Cookies that uniquely identify your browser
      6. Collect and store information about your actual location
    4. If possible, when using Google services for university business, the data collection features listed in Section III(c)(1)-(6), should be turned off. If assistance is needed, please contact the IT Help Desk.
    5. Additionally, over time the university may enable or disable UMUC account access to specific non-GAE services as it deems appropriate.
  4. Usage
    In order to use any Google service as provided by UMUC, all participants must be aware of, agree to, and adhere to the following:
    1. When utilizing any Google service, you are bound by the UMUC Acceptable Use Policy.
    2. As stated in the UMUC Acceptable Use Policy, faculty and staff utilizing university resources acknowledge that UMUC has the ability to monitor, use, and disclose their data to appropriate authorities.
    3. GAE and other Google services are to be used for UMUC business only, and the employee must refrain from merging their personal Google service accounts with a UMUC Google service account.
    4. Employees should adhere to the UMUC Acceptable Use Policy 270.00, University of Maryland University College E-mail Guidelines Policy 270.10, and the UMUC Guidelines for Participation in Social Media in the use of their Google Services account.
  5. Data Protection Responsibilities
    1. Users of Google services must comply with the following guidelines when storing, maintaining or transmitting university information.
      1. Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI]: If you must transmit PHI by e-mail outside the university's domain, send the PHI as an encrypted attachment.
      2. Social Security Numbers, Financial Account and Credit Card Numbers: This type of data is protected by the Maryland Personal Information Protection Act, as well as other state and federal laws. If you must transmit such information outside the university's domain, send the sensitive information as an encrypted attachment.
      3. Family Educational Rights and Privacy Act (FERPA): Student educational records are protected under FERPA. If you must transmit student information outside the university domain, send the protected information as an encrypted attachment.
      4. Intellectual Property Rights and Participation of External Users: Google Apps permits users to invite other Google Apps users, both within the university and outside the university, to view data, co-edit documents, and use other collaboration tools. You are responsible for controlling access to data appropriately and for preventing accidental or undesirable file sharing in order to protect University of Maryland University College intellectual property stored, maintained or transmitted in Google Apps.