Document

Download Report

Transcript Document 

Google Apps, etc.
—
Legal and Policy Issues
Steve Worona
September 26, 2007
No shaggy-dog photos –
Just lawyer jokes
No shaggy-dog photos –
Just lawyer jokes
• “It depends.”
No shaggy-dog photos –
Just lawyer jokes
• “It depends.”
• “What do you want it to be?”
No shaggy-dog photos –
Just lawyer jokes
• “It depends.”
• “What do you want it to be?”
• FUD vs UnFUD
– Wow, that’s scary; don’t do it!
– If you want to do it, here’s how
No shaggy-dog photos –
Just lawyer jokes
• “It depends.”
• “What do you want it to be?”
• FUD vs UnFUD
– Wow, that’s scary; don’t do it!
– If you want to do it, here’s how
• Common issues when outsourcing comes up
– FERPA
– E-Discovery
FERPA – Background
• 1974, aka “The Buckley Amendment”
• Limits what you can do with “education
records” that you “maintain”
– FUD: Don’t tell anyone anything
– VT: Think again (or, at least, think)
• Plug: Oct. 17 EDUCAUSE Live! (McDonald/Tribbensee)
• Plug: Nov. 5 EDUCAUSE Live! (Blythe)
• Legal nuances
–
–
–
–
“Education record”
“Maintain”
Directory info, opt in/out, need-to-know, etc.
Leave it to the lawyers/registrars!
FERPA – Enforcement
• FPCO: Family Policy Compliance Office
– Leroy Rooker
– Your Registrar
• FUD: Complete loss of student funding
– Since 1974, imposed ___ times
FERPA – Enforcement
• FPCO: Family Policy Compliance Office
– Leroy Rooker
– Your Registrar
• FUD: Complete loss of student funding
– Since 1974, imposed zero times
• UnFUD: Letter from Leroy
– You seem to be in violation of FERPA; stop
FERPA – Enforcement
• FPCO: Family Policy Compliance Office
– Leroy Rooker
– Your Registrar
• FUD: Complete loss of student funding
– Since 1974, imposed zero times
• UnFUD: Letter from Leroy
– You seem to be in violation of FERPA; stop
• FUD: If we do that, some student will sue us
FERPA – Enforcement
• FPCO: Family Policy Compliance Office
– Leroy Rooker
– Your Registrar
• FUD: Complete loss of student funding
– Since 1974, imposed zero times
• UnFUD: Letter from Leroy
– You seem to be in violation of FERPA; stop
• FUD: If we do that, some student will sue us
• UnFUD: Gonzaga v Doe (2002)
FERPA and Outsourcing
• Mail as maintained education record (FERPA data)
– What do you want the answer to be?
FERPA and Outsourcing
• Mail as maintained education record (FERPA data)
– What do you want the answer to be?
• Mail as vehicle for FERPA-protected data
– FUD example: “Notification of grades via email is in
violation of FERPA. There is no guarantee of
confidentiality on the Internet. The institution would be
held responsible if an unauthorized third party gained
access, in any manner, to a student’s education record
through any electronic transmission method.”
What FPCO Really Says
While the law does not prescribe specific methods that should be used
to protect education records from unauthorized access or disclosure,
the prohibition in FERPA against disclosing or permitting access to
education records without consent clearly does not allow an
educational agency or institution to leave education records
unprotected or subject to access by unauthorized individuals, whether
in paper, film, electronic, or any other format. We interpret this
prohibition to mean that an educational agency or institution must use
physical, technological, administrative and other methods, including
training, to protect education records in ways that are reasonable and
appropriate to the circumstances in which the information or records
are maintained.
FERPA and Outsourcing
• Mail as maintained education record (FERPA data)
– What do you want the answer to be?
• Mail as vehicle for FERPA-protected data
– FUD example: “Notification of grades via email is in
violation of FERPA. There is no guarantee of
confidentiality on the Internet. The institution would be
held responsible if an unauthorized third party gained
access, in any manner, to a student’s education record
through any electronic transmission method.”
– UnFUD: Common sense, prudence, notification, …
E-Discovery — Background
• New federal rules as of late 2006
• Document, enforce, formalize maintenance
and backup standards
• Know where all of your corporate data is
E-Discovery — Background
• New federal rules as of late 2006
• Document, enforce, formalize maintenance
and backup standards
• Know where all of your corporate data is
• Prepare for “litigation hold”
E-Discovery — Background
• New federal rules as of late 2006
• Document, enforce, formalize maintenance
and backup standards
• Know where all of your corporate data is
• Prepare for “litigation hold”
– CIO’s: Fear and trepidation in their hearts
E-Discovery — Background
• New federal rules as of late 2006
• Document, enforce, formalize maintenance
and backup standards
• Know where all of your corporate data is
• Prepare for “litigation hold”
– CIO’s: Fear and trepidation in their hearts
– Lawyers: $$$ in their pockets
E-Discovery — Background
• New federal rules as of late 2006
• Document, enforce, formalize maintenance
and backup standards
• Know where all of your corporate data is
• Prepare for “litigation hold”
– CIO’s: Fear and trepidation in their hearts
– Lawyers: $$$ in their pockets
• Case law and refinements eagerly awaited
E-Discovery and Outsourcing
• First figure out your business practices
– Backups
– How to treat desktops, home systems
– “Customer” vs “corporate” data
• Then treat outsourcing in the context of agency
– Well-established legal concept
– Understood by attorneys on both sides
– Contracted terms of relationship and responsibilities
• What do you want the answer to be?
– FUD: It’s all in flux; let’s wait and see what happens
– UnFud: It’s all in flux; no reason not to go ahead
Questions
&
Discussion