Monday, September 17, 2012

Privacy Issues with Google Apps

I was recently reminded of the fact while Cloud Computing is currently a hot topic, there are still many people who aren't ready to take the plunge; many of them cite privacy concerns as their main source of hesitation.  While I can't speak to every cloud provider, I can talk about Google Apps.


Google made news early in 2012 when they announced their revision and consolidation of their public privacy policies.  These policies went into effect on March 1, 2012.  This article hopes to shed some light on what's changed and what the changes may mean to you.

Note -- I'm not a lawyer and this is not legal advice; I encourage you to carefully review Google's terms of use, privacy statement, and other materials, including any Google contracts you have or may be considering, and contact your legal counsel with questions or concerns.




Google Apps Privacy for Business, Education, and Government

This new policy only applies to Google Apps Personal Edition domains and use of consumer services.  So, for example, if I had a free Google Apps Personal Edition domain, I would be subject to this new privacy policy.  Similarly, if I go to Google's site without logging in, the new privacy policy will be in effect until I login.

Google Apps for Business, Education, and Government all have contractual agreements between their organizations and with Google that govern the interactions those domains' users have with Google.

What Measures Are in Place to Protect My Privacy?

Somebody once responded to the contract statement with, "Yeah, but do you really know?"  Yes, actually, with Google Apps, you really do know.

SAS 70 Type Audits

Google Apps has completed SAS 70 (Type I and Type II) audits verifying the effectiveness of their processes and controls, particularly as they apply to Privacy and Security.  Google has had this certification in place since 2008.  See Google's official post on the topic:

http://googleenterprise.blogspot.com/2008/11/sas-70-type-ii-for-google-apps.html

FISMA

Google Apps for Government, a subset of Google Apps for Business, has received FISMA (Federal Information Security Management Act) certification.  That is, Google Apps for Government successfully passes periodic reassessment of the information security policies and procedures as articulated in the Act.  For more information, see Google's official post on the topic:

http://googleenterprise.blogspot.com/2011/09/google-apps-data-protections-verified.html

Google Apps Privacy for Free and Consumer Services

The new, consolidated privacy policy replaces the privacy policies from about 60 of their services.  The stated goal was that the consolidated privacy policy would be shorter, simpler, and with less legalese than before.

The main concept behind the new, consolidated privacy policy is that if you sign in to Google using a consumer Google account (as opposed to a Google Apps account for a business, school, government agency, etc. that uses Google Apps for Business, Google Apps for Education, or Google Apps for Government, respectively), you will be treated as a single user across the 60+ services that fall under this privacy policy.  As a result, Google can share your data from one Google Apps service with another Google Apps service.

For more information about the new privacy policy, check out the following links:


Results of the new Privacy Policy

Google's stated intention with this revised policy is that they want to use data about consumers to help those consumers experience a richer, more refined level of service than ever before.  Google's FAQ says that an example of this could be that given your current location, a meeting you have on your calendar, and the current traffic conditions between where you are and where the meeting is, Google could advise you as to the probability of your arriving at your meeting on-time.  They would correlate information from Google Maps, Google Calendar, etc. to provide this level of service.

Google also asserts that you can expect to see "better" search results and more applicable advertisements based on data collected from your use of Google's services that fall under this privacy policy.  For many people, this is likely to be the "gotcha" point of this new privacy policy.

Data Disclosure under the new Privacy Policy

Google asserts that your private information will remain private.  Google won't be posting your most embarrassing secrets on a "Wall of Shame" and there won't be any impromptu meetings held at Google Offices to critique your latest uploads to Google Drive.

Can Google Sell Your Information to Third Parties?

Google does not sell user information.

When Can Google Release my Information?

Google can release your information when they're faced with a court order.

Can I See What Google Collected About Me?

Yes, absolutely.  Go to Google Dashboard.

What can I do?!

It may be difficult for many individuals or organizations to pack up and close their accounts at any given moment, so you may wish to consider upgrading your account.  When your organization upgrades to Google Apps for Business, Education, or Government, a new agreement is formed between your organization and Google; this new agreement offers your organization new terms of use which you may wish to consider with your organization's attorney.  

If your organization is a business or a governmental agency, Google Apps costs $50 per user per year or $5 per user per month (which comes out to $60 per user per year).  If your organization is a 501c3 nonprofit organization with fewer than 3,000 users or an accredited school, college, or university, Google Apps for Education may be a great solution for your organization; best of all, it's free!

For more information about deploying Google Apps for Business, Education, or Government for your business, school, college, university, nonprofit organization, or governmental agency, please contact KDA Web Technologies.  We can help you get rolling on your deployment quickly and efficiently.  KDA Web Technologies is a Google Apps Authorized Reseller and KDA principal Wes Dean is a Google Apps Certified Deployment Specialist.

--

Wes Dean, a Google Apps Certified Deployment Specialist and a Google Apps Trusted Tester, is Principal of KDA Web Technologies, a Google Apps Authorized Reseller.  To learn how Wes and KDA Web Technologies can help you, go to http://www.kdaweb.com/.