The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

Transcription

1 Privacy and Security FAQ Privacy 1. Who owns the data that organizations put into Google Apps? 2. When can Google employees access my account? 3. Who can gain access to my Google Apps administrative account? 4. Who can gain access to my end-users' accounts? 5. Does Google give third parties access to my organization's data? 6. What kind of scanning/indexing of user data is done? 7. How long does Google keep my organization's data? 8. How does Google handle law enforcement requests? 9. How does Google process objectionably illegal content? 10. Where can I find more information on Google's Privacy Policy? 1. Who owns the data that organizations put into Google Apps? To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us! The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things. 1. We won't share your data with others except as noted in our Privacy Policy. 2. We keep your data as long as you require us to keep it. 3. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Google Apps or stop using our services altogether. 2. When can Google employees access my account? Google employees will access your account data only when an administrator from your domain grants Google employees explicit permission to do so for troubleshooting purposes. During the course of troubleshooting an issue or other investigation, the Google Support team may ask for the creation of a test administrator account, solely to be used to resolve the particular issue at hand. Google employees or automated systems may also take down any content that violates the Terms of Service.

2 3. Who can gain access to my Google Apps administrative account? Only the owner and managers of the domain name can create a Google Apps administrative account. Upon signing up, a Google Apps administrator is asked to verify control of the domain by making a change to the DNS records. Without this verification, Google will not allow an administrative account to be opened. None of the Google services can be actively managed for a domain until domain ownership is verified. After an administrator has verified ownership, other usernames in the account may be granted administrative privileges at the discretion of any administrator. Non-administrative users on the domain may also contact the Google Apps Support team to request administrative access. The normal domain verification process will take place to ensure that the requestor has domain management rights. Google employees may access your account if given explicit permission by the account administrator. Lastly, any individual who has access to your registered secondary address can initiate a password reset and access the primary administrator account. 4. Who can gain access to my end-users' accounts? Google Apps administrators for a domain can access all end-user accounts and the associated data, per the Google Apps privacy policy. As a domain administrator, you have control of all user names and passwords within your domain. You may access your users' accounts in conformity with the Customer Agreement. We do require that you have a policy about such actions that is published to your end-users. Google employees may not access end-user accounts except as described in Google's Privacy Policy. 5. Does Google give third parties access to my organization's data? Google does not share or reveal private user content such as or personal information with third parties except as required by law, on request by a user or system administrator, or to protect our systems. These exceptions include requests by users that Google's support staff access their messages in order to diagnose problems; when Google is required by law to do so; and when we are compelled to disclose personal information because we reasonably believe it's necessary in order to protect the rights, property or safety of Google, its users and the public.

3 For full details, please refer to the "Information Sharing" section of our Privacy Policy. 6. What kind of scanning/indexing of user data is done? In order to provide some of the core features in Google Apps products, our automated systems will scan and index some user data. For example: is scanned so we can perform spam filtering and virus detection. is scanned so we can display contextually relevant advertising in some circumstances. (Note that there is no ad-related scanning or processing in Google Apps for Education or Business with ads disabled) Some user data, such as documents and messages, are scanned and indexed so your users can privately search for information in their own Google Apps accounts. In other words, we only scan or index user content in Google Apps in order to provide features that will directly benefit users, or to help us maintain the safety and security of our systems. Except when your users choose to publish information publicly, Google Apps data is not part of the general google.com index. It's important to note that our scanning and indexing procedures are 100% automated and involve no human interaction. For complete information, see our detailed Privacy Policy, Privacy Principles, and our Google Apps Terms of Service (Google Apps, Google Apps for Business, Google Apps for Education). 7. How long does Google keep my organization's data? We believe that you should have control over your data. Google keeps multiple backup copies of users' content so that we can recover data and restore accounts in case of errors or system failure. When you ask us to delete messages and content, we will make reasonable efforts to remove deleted information from our systems as quickly as is practicable. Learn more. 8. How does Google handle law enforcement requests? Google complies with valid legal process. It is Google's policy to notify users before turning over their data whenever possible and legally permissible. 9. How does Google process objectionably illegal content?

4 Google will take down malware, pornography, child pornography, copyrighted or trademarked content when notified by a third party, or if our systems detect these types of content on Google servers. Google will contact the primary account administrator in the event content is taken down. Need to report abuse? Please see our Reporting Abuse Incidents page. Is my organization compliant with the European Commission Directive on Data Protection if we use Google Apps? Google adheres to the U.S. Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce s Safe Harbor Program. Generally, an organization must decide whether its use of Google Apps is compliant with any regulations it may be subject to. 10. Is my organization compliant with the European Commission Directive on Data Protection if we use Google Apps? Google adheres to the U.S. Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce s Safe Harbor Program. Generally, an organization must decide whether its use of Google Apps is compliant with any regulations it may be subject to. 11. Where can I find more information on Google's Privacy Policy? Please see our Privacy Center for more information:

5 Security 1. What does a Google Apps SAS70 Type II audit mean to me? 2. Where is my organization's data stored? 3. Is my organization's data safe from your other customers when it is running on the same servers? 4. An administrator/end-user deleted a number of messages, how can I recover them? 5. How do you protect your infrastructure against hackers and other threats? 6. How do you protect against machine failures or natural disaster? 7. Is it safe for my organization to access Google Apps over the internet? 8. I'm being asked to sign in at a different page. Why? 9. How do you protect my organization against spam, viruses and phishing attacks? 10. What is CAPTCHA? 11. How do I prevent spammers from spoofing my domain name? 12. How does Google respond to users in my domain who are sending spam? 13. Can my organization use our own authentication system to provide user access to Google Apps? 14. Does Google Apps offer SSL connectivity? 15. What is FISMA? 1. What does a Google Apps SAS70 Type II audit mean to me? An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard. The independent third party auditor verified that Google Apps has the following controls and protocols in place: Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

6 2. Where is my organization's data stored? Your data will be stored in Google's network of data centers. Google maintains a number of geographically distributed data centers, the locations of which are kept discreet for security purposes. Google's computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks. Access to data centers is very limited to only authorized select Google employees personnel. 3. Is my organization's data safe from your other customers when it is running on the same servers? Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user's data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications. Google Apps has received a satisfactory SAS 70 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively. 4. An administrator/end-user deleted a number of messages, how can I recover them? Once an administrator or end-user has deleted any data in Google Apps, we delete it according to our privacy policy. Data is irretrievable once an administrator deletes a user account. If you need to recover messages, the Google Message Discovery (powered by Postini) service must be activated prior to the data recovery process. Google Message Discovery is available for Google Apps for Business and Education and can be purchased online from this site. For non- data recovery solutions, please consult the Google Apps Marketplace where one of our partners may have a solution suitable for your needs.

7 5. How do you protect your infrastructure against hackers and other threats? Google, an established provider of web-based services has gone to great lengths to protect against threats. Google runs its data centers using custom hardware running a custom OS and filesystem. Each of these systems has been optimized for security and performance. The Google Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Google controls the entire stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge. Google maintains a number of geographically distributed data centers. Google s computing clusters are designed with resiliency and redundancy in mind, eliminating single points of failure and minimizing the impact of common equipment failures and environmental risks. Access to our data centers is restricted to authorized personnel. How do you prevent and resolve security flaws in your applications? Google products and services go through a series of security reviews. If a security flaw is found in an application or infrastructure component, we evaluate the risk and respond accordingly. Because we are hosting the applications in our own data centers, we can quickly deploy fixes to all our systems without requiring any action on your part. 6. How do you protect against machine failures or natural disaster? The application and network architecture run by Google is designed for maximum reliability and uptime. Google's computing platform assumes ongoing hardware failure, and robust software failover withstands this disruption. All Google systems are inherently redundant by design, and each subsystem is not dependent on any particular physical or logical server for ongoing operation. Data is replicated multiple times across Google's clustered active servers, so, in the case of a machine failure, data will still be accessible through another system. We also replicate data to secondary data centers to ensure safety from data center failures. 7. Is it safe for my organization to access Google Apps over the internet? All Google Apps services provide the ability to access all data using encryption and customers can choose to require this option for their users. This helps ensure that no one except the user has access to his or her data. This is true for access to our mail, calendar, video, and chat data via our web applications. The mobile client also uses encrypted access to ensure the privacy of communications. We do not offer encryption on the Start Page service at this time. We also require encryption for access to your mail data by third party clients.

8 8. I'm being asked to sign in at a different page. Why? To help protect you against identity theft, we don't allow unauthorized non-google webpages to collect your Google username and password. Otherwise, a malicious website that wanted to steal your password could more easily pose as a friendly site. This form of fraud is called phishing. If you're ever in doubt, take a look at the internet address that's displayed in your browser's address bar. If the address isn't a Google website, don't enter your Google username and password. One exception to this policy is the single sign-on feature offered in Google Apps for Business. Admins can integrate Google services with existing web pages to provide a smooth user experience. Learn more 9. How do you protect my organization against spam, viruses and phishing attacks? Google has one of the best spam blockers in the business, and it's integrated into Google Apps. Spam is purged every 30 days. We have built in virus checking, and we enforce checking of documents before allowing a user to download any message. Most computer viruses are contained in executable files, so standard virus detectors scan messages for executable files that appear to be viruses. Google helps block viruses in the most direct possible way: by not allowing users to receive executable files (such as files ending in.exe) that could contain damaging executable code; even if they are sent in a compressed (.zip,.tar,.tgz,.taz,.z,.gz) format. Google supplies Chrome and Firefox users with constantly updated filters against phishing and malware. By combining advanced algorithms with reports about misleading pages from a number of sources, Google downloads to your browser a list of information about sites that may engage in phishing or contain malicious software. Safe Browsing is often able to automatically warn you when you encounter a page that's trying to trick you into disclosing personal information. Need to report abuse? Please see our Reporting Abuse Incidents page. 10. What is CAPTCHA? CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of security measure known as challenge-response authentication. It is a login verification test that only a human can complete, protecting your account from spam, password decryption, and

9 other forms of unauthorized digital account access. Google uses CAPTCHA to strengthen the security around the most sensitive account access points. Read more about CAPTCHA. 11. How do I prevent spammers from spoofing my domain name? Publishing your SPF records will secure your domain name from anyone attempting to spoof your domain. SPF allows a domain owner to use a special format of DNS TXT records to specify which machines/hosts are authorized to transmit for their domain, making it difficult to forge From: addresses. We strongly encourage you to publish SPF records for your domain. Need to report abuse? Please see our Reporting Abuse Incidents page. 12. How does Google respond to users in my domain who are sending spam? If Google identifies a Google Apps user who is spamming, we reserve the right to immediately suspend the user. If the spam is domain-wide, we reserve the right to suspend the entire account and deny administrator access to all the Google Apps services. This is in accordance with the Google Apps Acceptable Use Policy. We will notify the registered secondary address of any spam violations. Need to report abuse? Please see our Reporting Abuse Incidents page. 13. Can my organization use our own authentication system to provide user access to Google Apps? Google Apps integrates with standard web single sign-on systems using the SAML 2.0 standard. Organizations can do the integration themselves, or work with a Google partner to accomplish this. 14. Does Google Apps offer SSL connectivity?

10 Editions supported: This feature is available in Google Apps for Business and Education. Compare editions now SSL (Secure Sockets Layer) is a protocol that provides secure communications on the Internet for such things as web browsing, , instant messaging and other data transfers. If you enable SSL connections, Google will force HTTPS (Hypertext Transfer Protocol Secure) when your users access most services in Google Apps. SSL varies by service and is available for , chat, calendar, docs, and sites. Please note that SSL access is not available for the Google Apps Start Page, Google Video for Business, and the Google Talk desktop client. The advantage of SSL is added security for your users. If your users access Google Apps on a non-secure Internet connection, such as a public wireless or non-encrypted network, your users' accounts may be more vulnerable to hijacking. A secure connection prevents hijacking by protecting the cookie session. Cookie session hijacking refers to a situation where an impostor gains unauthorized access to cookies and seizes control of a legitimate session while it is still in progress. However, forcing HTTPS for your users can make Gmail a little slower. Also, please note that, if you enable SSL, you will not be able to see your mail in the Gmail gadget on the Google Apps Start Page since it is not served over SSL. If you trust the security of your network, you can turn this feature off at any time. When the feature is disabled, your users will access Google Apps via HTTP (Hypertext Transfer Protocol). To enable this feature: 1. Sign in to the Google Apps administrator control panel. 2. Click Domain settings. 3. Under the General tab and in the SSL section, check the box next toenable SSL. 4. Click Save changes. To enable this feature for an individual account, visit the Gmail Help Center. Note: If you force HTTPS, your users won't be able to disable HTTPS on an individual basis. However, if you don't force HTTPS, your users can enable HTTPS when necessary but only if you also have enabled the Enable pre-release features check box in your Google Apps control panel. Back to Google Apps control panel help 15. What is FISMA?

11 The Federal Information Security Management Act of 2002, or "FISMA", is a United States federal law pertaining to the information security of federal agencies' information systems. FISMA applies to all information systems used or operated by U.S. federal agencies -- or by contractors or other organizations on behalf of the government. Google Apps has received an authority to operate at the FISMA-Moderate level -- the standard level for Federal systems -- from the U.S. federal government. If you want to learn more about FISMA, there is a very thorough entry on Wikipedia.