Best Practices for Data Security in Dolphin Pod

During the 2012-2013 academic year, the Division of Technology & Communication (T&C) is launching Dolphin Pod, powered by Google Apps for Education, for CI students, faculty and staff (collectively referred to as “Users”). Dolphin Pod encompasses the set of services provided by Google via the Google Apps for Education platform, and includes Dolphin Email, CI Docs and other selected services. The information provided below explains the appropriate use of private and sensitive data utilizing Dolphin Pod as it relates to your role at the University.

Appropriate Use of Private and Sensitive Data

Users may use Dolphin Pod to conduct university activities that are aligned with their role at the University, provided that each User does so in accordance with University and CSU policy, and applicable state and federal laws.

Please see the T&C Policies and Procedures page for more information.

Your Data in Relation to Google

  • Google does not own your data.
  • Google does not share your data.
  • Google keeps the data as long as you want them to.
  • Google deletes the data when you ask them to.

For a clearly-worded explanation of Google’s privacy and security policies, see:

Security of Dolphin Pod

Dolphin Pod services are secure if used properly and can be used as an alternative to sending attachments; however, as noted below, there are some types of information that should never be stored or transferred via Dolphin Pod. 

Family Educational Rights and Privacy Act (FERPA) Data

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. Student data protected by FERPA is permitted in Dolphin Pod. It is subject to access by school officials who have a legitimate educational interest as well as by other identified officials, as defined and identified by the University’s FERPA privacy regulation.

To the extent that Google has access to student educational records as a contractor for the university, it is deemed a “school official,” as defined by FERPA, under its agreement with the University, and will comply with its obligations under FERPA. Personally identifiable student data should never be made publicly accessible without the student’s signed, written consent. For more information, please visit the University’s FERPA page.

Protected Information

Personal identifiers, including Social Security, tax identification, driver’s license, and bank account numbers, as well as other legally confidential data, are examples of protected information.

Users shall not share or transmit any protected information through Dolphin Pod without written permission from the data owner, the University information security officer (ISO) and the Chief Information Officer (CIO). Please review the CSU Information Security Data Classification Standards (in PDF format) for descriptions of protected information. (To view this document, download Adobe Reader.)

Financial Information

Pursuant to Federal laws, CSU Channel Islands has a duty to safeguard every type of nonpublic, personally identifiable financial information, including payment/credit card data and related account information.  Examples include information provided on an application for a credit card, payment history, and account balance information.  In order to continue to safeguard and protect Users’ financial information, Users shall not share or transmit any form of financial account or credit card information through Dolphin Pod.

Export-Controlled and Other Sensitive Information

The United States’ export control laws forbid the unlicensed transmission of controlled items, software, and information to certain countries.  These export control laws apply to controlled items even when transmitted primarily for storage or for further transmission purposes. 

Dolphin Pod is not a good primary data transmission method for faculty and staff engaged in sensitive or highly-regulated subject matter. In particular, Users of Dolphin Pod must be aware that their data may be stored in data centers outside the United States. For these reasons, researchers working with controlled material should use another, secure means of data transmission. Export-controlled information is not permitted in any services that are part of Dolphin Pod, including transmission via Dolphin Email and storage in CI Docs.

Export-controlled data are legally protected and of high consequence. If you are uncertain whether your data are subject to export control laws, and/or whether you can send this data via email, please contact Neal Fisch at neal.fisch@csuci.edu.

California Public Records Act

University employees using Dolphin Pod should be aware that any documents or data they create may be subject to the California Public Records Act and may be potentially disclosed to third parties. Users are responsible for maintaining all versions of shared documents created using Dolphin Pod. Some services in Dolphin Pod (such as CI Docs) maintain a revision history for each document, which is lost when a document is copied. Should a User or an organization receive a public records request, please contact Human Resources at CSU Channel Islands before responding to this request.

Intellectual Property Rights and Participation of External Users

Users of certain Dolphin Pod services (such as CI Docs) can invite other Google Apps users, both within the university and outside the university, to view data, co-edit documents, and use other collaboration tools. It is the responsibility of each User to ensure that appropriate sharing controls are used in order to protect the University’s intellectual property or third-party confidential proprietary information provided to the university under contractual terms requiring non-disclosure.

Questions?

Visit the Dolphin Pod information page, or contact the T&C Help Desk at helpdesk@csuci.edu

 

Document revised 2012-09-06
