FACULTY AND STAFF: BEFORE USING BU GOOGLE APPS, PLEASE ENSURE THAT YOUR USE WILL COMPLY WITH ANY REQUIREMENTS YOUR SCHOOL, DEPARTMENT OR UNIT MAY HAVE ESTABLISHED REGARDING EMAIL AND DATA STORAGE.

By using Google Apps, you consent to Boston University, as the domain administrator, accessing, monitoring, using or disclosing data available within your Google bu.edu account, and to Google providing Boston University with the ability to do so.

Appropriate Use of Private and Sensitive Data

Boston University and Google have agreed to certain security standards for the data stored and maintained in the BU Google Apps suite of services. As a result, you may use a BU Google Apps account to conduct many activities in your capacity as a BU staff member, faculty member or student, provided that you do so according to the guidelines found at the BU Tech and Information Security Policies, including restrictions for use and storage of certain types of sensitive data, and the requirements of your school, department or unit.

Any document deleted from Google Apps cannot be restored by Google or Boston University; BU does not maintain a backup. Data that is important to the operations of the University should be stored and backed up locally rather than stored in Google Apps. IS&T offers the CrashPlan backup service for backing up key University documents stored on personal computers and laptops.

There are some kinds of information that neither BU Google Apps nor any other regular email service should be used to store, maintain or transmit. Below, you will find a brief description of several kinds of particularly sensitive information and the restrictions on its storage, maintenance or transmission using Google Apps.

  • Health Insurance Portability and Accountability Act (HIPAA) and Protected Health Information (PHI)

BU Google Apps should not be used to store, maintain or transmit protected health information (PHI), as that term is defined under the Health Insurance Portability and Accountability Act (HIPAA). PHI should be stored only on systems approved for such use by IS&T. De-identified PHI (PHI stripped of 18 identifiers specified under HIPAA) may be shared, but only as permitted by the relevant data use agreement or IRB protocol.

If you must transmit PHI by email, use the secure email service provided by IS&T.

For more information regarding HIPAA or PHI please refer to the HIPAA Security Policy and Procedures or contact BU Information Security at buinfosec@bu.edu.

  • Export Controlled Information

BU Google Apps should not be used to store, maintain or transmit export controlled information. Under some circumstances, sharing export-controlled information with collaborators who are not United States citizens or permanent United States residents is a violation of federal law. For additional information about export controls, review the export control materials on the Research Compliance website at www.bu.edu/orc/export. If you need to send scientific or technical information outside the University and you are not confident that it is not covered by export control laws, use the secure email service provided by IS&T.

  • Social Security Numbers, Driver’s License Numbers, Financial Account/Credit Card Numbers

BU Google Apps should not be used to store, maintain or transmit the above kinds of sensitive information. This type of data is protected by Massachusetts General Law Chapter 93H (the Massachusetts Identity Theft Law) and Regulation 201 CMR 17 (Standards for the Protection of Personal Information of Residents of the Commonwealth). Such data should be stored only on systems approved for such use by IS&T.

If you must transmit such information via email, use the secure email service provided by IS&T.

For more information regarding these requirements, contact BU Information Security at buinfosec@bu.edu.

Intellectual Property Rights and Participation of External Users

Google Apps permits users to invite other Google Apps users, both within the University and outside the University, to view data, co-edit documents, and use other collaboration tools. You are responsible for controlling access to data appropriately and for preventing accidental or undesirable file sharing in order to protect Boston University intellectual property stored, maintained or transmitted in BU Google Apps.

Google Policies

For an explanation of Google’s privacy and security policies, please see Google Security and Privacy for Schools, and Google’s general Security and Privacy page.