Google Apps: Acceptable Use and Data Security

Your University of Minnesota Internet Account comes with access to a number of Google Apps.

The use of Google Apps at the University of Minnesota is subject to the University's policies:

UMN vs. Personal Google Accounts

It's important to remember that there is a difference between University of Minnesota Google Apps accounts and personal Google/Gmail.com accounts. They are totally separate from each other, and fall under separate and different contractual agreements, as well as different terms of service. Institutions that use Google Apps for their email, calendar and the other core applications.

In October 2009, the Office of Information Technology (OIT) began to offer Google accounts to University of Minnesota students, faculty, and staff. The information provided below explains the appropriate use of private and sensitive data as it relates to your role at the University.

Appropriate Use of Private and Sensitive Data

The University of Minnesota and Google have negotiated contract terms and conditions that protect the privacy and confidentiality of University student, faculty, staff, and alumni data placed in Google Apps for the University of Minnesota. As a result, users may use Google Apps for the University of Minnesota to conduct University activities that are aligned with their role at the University, provided they do so in accordance with theUniversity's Acceptable Use Policyand according to the restrictions outlined below for certain types of data.

Family Educational Rights and Privacy Act (FERPA) Data

Data protected by the Family Educational Rights and Privacy Act (FERPA) is permitted in Google Apps for the University of Minnesota, provided information is shared only between the student and those who have a legitimate education-related interest as defined by the University's Managing Student Records policy.

Health Insurance Portability Accountability Act (HIPAA) and Protected Health Information (PHI) Data

Data protected by the federal Health Insurance Portability and Accountability Act (HIPAA), and Protected Health Information (PHI) are not permitted in Google Apps for the University of Minnesota, with the exception of uses covered by theBusiness Associates Agreement (BAA)between the University and Google.

This agreement allowsAcademic Health Center (AHC)and Healthcare Component (HCC) colleges/schools, departments, centers, and units, and other departments with access to PHI, to use only the Core Google Apps. Please see theGuidelines for Email and Protected Health Informationfor additional information on using email and PHI.

If you require access to a non-Core App, you mayrequest an exception using this online form.

All questions or concerns regarding HIPAA or protected health information should be directed to:

Privacy and Security Office
University of Minnesota
(612) 624-7447
[email protected]
www.privacysecurity.umn.edu

Export Controlled Information

Export-controlled data (sensitive information subject to Federal Export Control Regulations) is not permitted in Google Apps for the University of Minnesota.

Intellectual Property Rights and Participation of External Users

Google Apps users can invite other Google Apps users, both within the University and outside the University, to view data, co-edit documents, and use other collaboration tools. It is the responsibility of each user to ensure appropriate sharing controls are used in order to protect intellectual property placed in Google Apps for the University of Minnesota, as well as to prevent accidental or undesirable file sharing.

Google Apps for Higher Education User Acceptance Agreement

The Google Apps for Education Agreement is the terms that the University of Minnesota has accepted on behalf of the organization. This agreement covers the core applications offered to Apps for Education customers (Gmail, Calendar, Drive, Sites, Talk/Hangouts, Vault). A copy of those terms can be found here: Google Apps for Education Terms of Service