MSU has executed a Google Apps for Education Agreement (the “Agreement”) with Google for MSU-specific access to a core set of Google Apps (“Core Apps”). This gives MSU and its Google Apps users contractual terms of service that are better, for many MSU purposes, than the standard terms of service one gets when using the Google consumer products as an individual public user.
While the Agreement is helpful, MSU users should still exercise caution in their use of MSU Google Apps. This document is intended to provide guidance to help individuals make informed, well-considered choices about appropriate use of the Google Apps for Education service. It is based on the risk assessments described in the Appropriate Use of Cloud Computing document.
Generally, Google Apps for Education (also known as G Suite for Education) should be appropriate for many uses in instruction and scholarship, and even some “low consequence” business and administrative uses. The Agreement allows Google to store MSU Educational Records and requires Google to comply with FERPA as if the company was a “school official.” The Office of the Registrar offers FERPA self-assessment and privacy guidelines.
MSU users of Google G Suite for Education must still exercise care when sharing data using any of the Google Core Apps covered by the Agreement. MSU users still own the responsibility of setting sharing permissions appropriate to the educational records contained. MSU users must also carefully consider:
- Where the authoritative copy of educational records is kept.
- Whether the sharing permissions on any particular document complies with MSU policies, including those regarding Access to Student Information.
- Whether privacy and confidentiality concerns around any particular piece of information or data is appropriate to inclusion in a document hosted by Google.
Google G Suite for Education is NOT appropriate for use with most other forms of MSU Confidential Data. While this section summarizes the guidance provided in this document, potential users of Google G Suite for Education are strongly encouraged to read this entire document and the Institutional Data Policy carefully and give each of their uses of the Apps consideration in line with the concepts described in this document.
Assessing Risk Elements
The Office of the Vice President for Information Technology and CIO and MSU’s Office of General Counsel have outlined several areas of risk relative to use of cloud computing resources. The following clarify how to interpret the Agreement relative to these risk areas.
Non-negotiated terms of use
The Google Apps for Education/G Suite for Education Agreement is largely non-negotiated. The Agreement provides better protections for users and institutional interests than the consumer terms of service, and therefore the Core Apps are suitable for many of the types of uses that MSU users will wish to engage.
Control of user content
Ownership and rights of use
Users of the Core Apps consent to give Google the right to use their content for transferring, processing, and storing their content in order for Google to provide the service. The Agreement states that MSU owns all intellectual property rights to MSU’s data, which is consistent with MSU’s intellectual property policies. The Agreement does not contain any transfer of license to Google for any user content in the ways that the Google Consumer Terms of Service have sometimes done.
Facilities and data transfer
Google facilities adhere to at least industry standards. Google facilities that store and transmit data may be located internationally. MSU’s Agreement does not constrain Google from moving or storing MSU data abroad.
Security and privacy
The Agreement commits MSU (as the service administrator) to protect the privacy rights of its end users under all applicable laws and regulations, which is consistent with MSU’s policies and customary practices. The Agreement also commits Google to protect MSU confidential information with the same standard of care it uses to protect its own confidential information, and not to disclose any confidential information except as necessary to provide the services. The Agreement commits Google as a “school official” to act as a custodial agent on behalf of MSU for FERPA protected Educational Records.
As part of the Agreement, MSU agrees to follow the Google Apps Acceptable Use Policy (AUP).
Backups
The Agreement is silent regarding backing up user data. MSU users should assume their data are NOT backed up. Google does NOT provide recovery services for lost end user data. MSU IT Services does NOT back up MSU data on Google services. MSU users should assume individual responsibility for regularly backing up information and data they store with Google and adhering to a university record retention schedule.
Assured purging
The Agreement is silent regarding assurances related to purging. Residual copies of deleted data may, in fact, remain on Google’s hosting environment after MSU users delete the data. It is unclear if the data is entirely purged from the services.
Non-negotiated changes to terms of use
Google may change the Google AUP, but if it wishes to make a material change it will notify MSU in advance of the change. At that time, MSU may choose not to agree to the change in which case the Agreement provides mechanisms for how use of the services may proceed, or not.
Non-negotiated changes to the service
Google may make “commercially reasonable modifications to the services” from time to time, but will notify MSU about these modifications.
Non-negotiated changes to the business model
The latest Agreement has a specified term of three years effective August 2, 2013, and will automatically renew for one-year extensions thereafter unless MSU notifies Google in advance of its wish to terminate the Agreement.
The Office of the Vice President of Information Technology and CIO will work with the Office of General Counsel, Office of the Registrar, and other relevant units to review changes to the Agreement and make decisions about continuation or termination. Thus, MSU users may feel reasonably assured that the services will remain free of charge and that institutional officials will appropriately oversee the Agreement covering the Core Apps for a known period of time.
Data formats
Users can manually export many types of individual files created within the Core Apps to common data formats such as Microsoft Office, PDF, and iCalendar. Exported data will likely lose some information such as version and collaboration data. Uploaded content generally will remain of the original type and can be downloaded. Users will be able to remove their content, or copies of the content, from the service in ways they are familiar with just as users of the consumer versions of Google Apps/G Suite.
Indemnity and liability
Google will NOT be liable in any way for MSU, in the event Google loses any content, information, or data provided by MSU or its end users, regardless of the financial, operational, or reputational impact on MSU. Google does not provide indemnity to MSU, in the event of an intellectual property dispute with a third party over technology used to provide the service. However, responsibility for third party copyright infringement involving content uploaded to the service resides with the party uploading and sharing the content (not with Google or MSU). Google reserves the right to remove or block content that receives copyright infringement or abuse complaints (e.g., Digital Millennium Copyright Act complaints from copyright holders).
Your Responsibility as a Document Owner
Document owners using the Core Apps must regularly review sharing permissions to validate that authorized parties have valid need-to-know credentials, and that content of documents is appropriate for hosting under the Google Apps/G Suite for Education Agreement. Document owners must ensure compliance with MSU policies when granting access to documents and avoid improper disclosure of confidential data that could occur from sharing folders and individual documents. Document owners must back up their content.
Risk Triage for Institutional Data Using Core Apps
The following risk triage steps are included to help identify potentially appropriate uses of Google Apps/G Suite for Education by eliminating the riskiest use cases based on the types of data intended to be deployed in using the service.
1. Confidential institutional data
MSU is obligated by law and certain contractual obligations to protect certain types of data. These data types are described in the MSU Institutional Data Policy where they are referred to as “confidential data.”
The Google Apps/G Suite for Education Agreement provides provisions that allow use of FERPA protected data, assuming MSU users properly control access (see MSU’s Policy on Access to Student Information).
The Agreement does NOT contain strong enough provisions to allow use of Core Apps for most other confidential data types.
Avoid using Core Apps (or any other Google App) for confidential data such as:
- “High Consequence” business records (see below and remainder of document for definition of “high consequence”).
- Institutional data that could, by itself or in combination with other such data, be used for identity theft or related crimes.
- Institutional data whose public disclosure is restricted by law, contract, university policy, professional code, or practice within the applicable unit, discipline, or profession.
- Records of the university’s security measures.
- Institutional data whole value would be lost or reduced by unauthorized disclosure or by disclosure in advance of the time prescribed for its authorized public release, or whose unauthorized disclosure would otherwise adversely affect the university financially.
- HIPAA-protected clinical records. (MSU has not yet executed a Business Associate Agreement with Google, nor have administrative parties responsible for MSU’s HIPAA compliance reviewed the Core Apps or the Agreement for use with such data.)
Information subject to export controls
MSU users should NOT use Google Apps for any information or data that is controlled for export under U.S. export control laws.
2. Institutional business records
Definition of a record
The International Standard for records management, ISO 15489, defines a “record” as “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.” Many types of data we receive or create every day fit this definition and do not necessarily involve confidential data types, but deserve appropriate care in how we manage the records.
Business records can take the form of email, email attachments, and other electronic communications, including documents posted and edited in file shares, wikis, and a variety of other electronic tools. Business records can also be calendar entries, particularly those involving important meetings or events (e.g., meetings involved in due process protocols, vendor contacts during bidding).
High consequence business records
“High consequence” business records are those for which loss or inappropriate disclosure would result in a high consequence in terms of economic loss, legal liability, or loss of public trust.
Protect against loss
To protect against loss, backup all records according to the university’s record retention schedules. Users must do their part to follow the university retention schedules appropriately, by retaining authoritative copies of MSU’s records in a reliable and secure system more directly under institutional control.
Protect against inappropriate disclosure
The Agreement allows for the appropriate use of the Core Apps for educational records that are subject to FERPA. Users must properly control access for FERPA-protected records to prevent inappropriate disclosure. The Core Apps should NOT be used with other forms of “high consequence” records such as Human Resources or Financial records.
Low consequence business records
Use of the Core Apps for “low consequence” business records may be acceptable, but users should take care to maintain appropriately secured copies of such records outside of the Core Apps and ensure the records do not pose a risk or liability to the university.
3. Student, faculty and staff intellectual property
The same “high consequence” notion may be applied to intellectual property as a data type. It would be recommended NOT to use theCore Apps for any “high consequence” intellectual property. However, the Core Apps are reasonably appropriate to use when the value of the intellectual property is immaterial compared to the value of the services a user will enjoy in using the services.
4. Agency decisions
Subject to the considerations described for intellectual property, above, the Core Apps are likely to be appropriate for general use in instruction and research collaborations. The Agreement offers property protections that are reasonable for all but high consequence forms of data and intellectual property. An instructor or scholarly investigator should be reasonably comfortable suggesting use of Core Apps with their students and collaborators, again subject to consideration of the preceding risk triage steps.
Questions and Support
If you are unsure about Google Apps usage, please do not hesitate to contact the MSU IT Service Desk for assistance at (517) 432-6200.
Updated language on October 30, 2014 from the August 29, 2009 version. Also added more details and examples in the October 30, 2014 version.
Moved document from PDF to in-line web text and added some web formatting in October 2014.
Revised in October 2016 to add references to the name G Suite for Education per vendor service name change.
