When gmav was first introduced at UNO (Fall 2008), Information Technology Services (ITS) thoroughly researched the security to assure that it conformed to university/governmental security, privacy, compliance, and confidentiality policies.
The following are answers to a few questions you may have related to gmav security and privacy:
Who owns the data?
A clause in the Google contract defines who owns the data. The following is an excerpt from that contract:
"7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other's content or any of the other's intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.
To put it simply, Google does not own your data. We do not take a position on whether the data belongs to the institution signing up for Apps, or the individual user (that's between the two of you), but we know it doesn't belong to us!
The data, which you put into our systems, is yours, and we believe it should stay that way. "
Is my password safe?
Yes, because Google provides a method for UNO to integrate our security and authentication methodologies. When entering your password to access gmav it is done on UNO servers and the password is never passed to Google. Google Apps provides this option using an industry standard SAML 2.0. When you reset your password this action is completed on UNO servers.
Does Google read and data-mine the content stored in my gmav account?
Google's servers will automatically process all content in order to index the data for faster searches. Google will not use the data for advertising, profiling, or anything other than indexing.
Is my data safe with Google?
Yes, Google has secure servers and facilities along with good protection against malicious attacks and hackers. Google has completed an independent third party audit and auditor issued an unqualified SAS70 Type II certification. SAS 70 Type II audit is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). The audit includes information technology and related processes.