Google Apps data & security

Frequently asked questions about how Google looks after your data, and restrictions from certain countries.

Are there any data protection risks?

We've thoroughly investigated the legal situation and there is no reason why most data can't be stored in the cloud.

You may remember that an earlier project rejected a move to cloud computing because of concerns about data security - a number of changes have been made since then which reduce the earlier risks.  

However, there are some significant exceptions - for example, sensitive research data - and departments will need to ensure that such data is handled appropriately. We provide more detailed information on Privacy and data protection, and you can contact the University's Data Protection Co-ordinator for advice.

Are there any security risks with Google Mail?

We believe that Google will provide a more secure email system than we can provide on campus.

Google have 24/7 cover with dedicated security teams, secure data centres worldwide, and many other systems that we cannot duplicate.

In addition to this, if you'd like to protect against the most likely cause of data loss (i.e. your password being stolen), Google Mail supports two-factor authentication, which makes it very secure.

See Getting started with 2-step verification for more information. 

How secure is Google Docs? Can we use it for draft exam papers and other sensitive material?

Google Docs is very secure - by default, newly created documents are only accessible by the document owner. Access is granted either by changing the sharing settings (for example, giving individuals or groups the right to view or edit a document) or by adding the document to a collection, so that it inherits the collection's sharing settings.

 

In terms of storing and sharing sensitive documents like draft exam papers, Google Docs is safer and more secure than using either email or USB sticks.
 
Please also see our information on Privacy and data protection.

This means my email and calendar will be stored offsite. How will you ensure I can access it?

To ensure that offsite connectivity is resilient, we are upgrading our link to the Yorkshire and Humberside Universities' Metropolitan Area Network (YHMAN), which also provides access to SuperJANET and to the Internet.

Will I be able to access Google Apps for Education in China? Is it restricted elsewhere?

Access to some Google products is blocked within China. Not all tools within the suite are blocked at all times - it's possible to check the current situation using: 

Our advice is that members of the University visiting China use these resources to see what's currently available/unavailable. 

If the service you need to access is blocked, you should connect via the Web VPN (https://webvpn.york.ac.uk).

The desktop Junos Pulse tool may not work in China, but you can enter the appropriate URL (e.g. https://mail.google.com) in the box in the top right of the VPN web page to access the service you require. BlockedinChina.net shows webvpn.york.ac.uk as not blocked.

Google restrict access to some services in certain countries including (at the time of writing) Iran, Sudan, Syria, North Korea and Cuba. They maintain a full list online:

As above, if the service you need to access is restricted, you should connect via the Web VPN (https://webvpn.york.ac.uk).

Can I use Google Apps for Education @ York for my personal email and documents?

We would strongly recommend that you don't do this.

Because this is a University-provided facility, it may sometimes be necessary for us to access your email and files. This is only done with appropriate permissions and in accordance with legal requirements and University regulations, but we advise that you maintain a separate account for personal email and documents.

What happens to data (e.g. documents) held in Google Apps when someone leaves?

When an account is deleted, all the data associated with it - including email, Google Docs, sites etc - is deleted. However, this doesn't happen as soon as someone leaves - instead the account is suspended for 12 months, which allows a grace period during which vital information - for example, shared documents which the department requires access to - can be retrieved by IT Services in accordance with applicable laws and regulations.

 

To request this, please contact IT Services.