• UCD MAIN MENU
  • Prospective Students
  • International Students
  • Current Students
  • Alumni & Friends
  • Visitors
  • Staff
  • President's Office
  • Colleges & Schools
  • Institutes & Centres
  • Research
  • Sport & Societies
  • Library & Archives
  • Administration

Gaeilge

Privacy

Disclaimer

Freedom of Information

Google Apps in UCD and your privacy

UCD is providing some of our services through Google hosted services. This is part of a widespread change in the way organisations provide services using ‘cloud computing’. This means that applications and information services are provided and data stored outside the organisation. We consider the issues of privacy and security to be crucial in providing such a service, and this document (UCD access only) has been prepared to provide information in this regard.

Key Points

Google provide these services to universities all over the world and the issues of privacy and ownership are covered by the Google Apps Education Edition Agreement. UCD entered into this agreement with Google in late 2009. The key points are:

1. Intellectual property- UCD owns the information held in the service. From the Education agreement: '... customer owns all intellectual property rights in Customer data'.

2. Data Security- Google independently verifies processes and procedures used to secure data, using common industry certifications, such as SAS 70 and FISMA.  Under these mechanisms, Google takes appropriate technical and organisational measures to protect data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access.

3. Advertising- Our contract does not allow Google to serve ads

Data Protection

UCD is bound under Irish law by the Data Protection acts, and this is reflected in our agreement with Google. In order to process personal data, Google must protect all confidential information in the same manner it protects its own, and it has also signed up to the U.S.-EU Safe Harbor program, a mechanism where US based companies agree to manage data under EU-compliant rules:-

“Organisations that transfer personal data from Ireland to third countries – i.e. places outside of the European Economic Area (EEA) – will need to ensure that the country in question provides an adequate level of data protection.  Some third countries have been approved for this purpose by the EU Commission.  The US ‘Safe Harbour’ arrangement has also been approved, for US companies which agree to be bound by its data protection rules.”

Related documentation

Overview of UCD's approach to security and privacy aspects related to Google Apps.

A list of frequently asked questions on Security and Privacy for Google users can be found here

For an overview of how Google approach privacy and security we recommend reviewing the following information:

Google Privacy Policy

Google Privacy Principles

Google Apps Security Whitepaper 2010 (UK) 

Google Apps Security page

FISMA- (Federal Information Security Management Act) Google adheres to this US act for apps based services provided to the US government. This wikipedia article provides a good introduction and background to the topic.

SAS 70- This is a certified statement of compliance with specified controls- an audit company provides an opinion on whether a company’s security controls as stated are in effect at a point in time.