FERPA considerations for cloud services

11 09 2012

I sat in on today’s meeting of IMAC (the Information Management Advisory Committee) on behalf of TAG. There were two major items discussed – a revision to the Records Management & Retention Policy (which I don’t think will have much direct impact on faculty) and a set of Guidelines for the Use of Cloud Computing Services.

The Guidelines are not policy – the document just list some of the concerns and considerations faculty and staff should be aware of when signing up for cloud services like Gmail, Google Docs, Dropbox, Facebook, Twitter, Pinterest, PayPal, etc.

The Guidelines are currently in draft format, so I’ve been asked not to distribute them outside of TAG. Non-TAG members, the new Guidelines will be sent out in 3-4 weeks, but in the meantime take a look at former Information Security Officer Tony Maszeroski’s Guidance on the Use of Cloud Applications by Individuals – the new Guidelines are similar in content.

One of the major concerns with using cloud services for University-related work (like teaching) is that it introduces all sorts of privacy and security issues. Almost all student information, like grades, transcripts, class lists, etc, is classified as restricted or confidential (see the Information Classification Policy) due to FERPA.

Classified or restricted information should not be stored or transferred on non-University systems, so faculty need to be very aware of what information we’re sharing with what third parties. If you’re using cloud tools or social media as part of your class or lab, you need to be very conscious of any potential privacy violations, and be upfront with students about the terms of service.

(See EDUCAUSE’s 2010 report on Privacy Considerations in Cloud-Based Teaching and Learning Environments. Colorado Community Colleges Online has posted some scenarios relating to respecting FERPA in an online classroom.)

I don’t think this is an issue that most faculty are very aware of, and I’d like to get a sense of how TAG can help faculty sort out these considerations in their classes. So let me know what you think – What questions do you have? What resources or references would be useful?


Comments : 5 Comments »
Tags: , , , , , , , ,
Categories : Announcements, Online courses, Security

Email Migration for Gmail Users

10 01 2012

DISCLAIMER: IR has warned TAG that faculty need to be extremely careful about using Gmail.  Our Information Security Manager Tony Maszeroski says, “Individuals shouldn’t, in general, be storing their University credentials on external systems… there are HUGE potential issues with storing University email on external systems that end users need to be aware of –  (FERPA, Court-ordered eDiscovery, Business continuity (access to separated employee’s email accounts), International legal jurisdiction, PATRIOT act requests, etc).” See Tony’s Guidance on the Use of Cloud Applications by Individuals for details.

—————————-

Not that TAG recommends it, but on the off chance that some of you might be using Gmail to read your University email, and should you hypothetically want to continue doing so, you will need to change your account settings in Gmail after your University email has been migrated (see the migration schedule here).

1. The morning after your overnight migration, log in to my.scranton and claim your new account (step by step instructions).

2. The last step of claiming your account is logging out and logging back in to my.scranton, so that you see the Live@Edu icon in the upper right of your my.scranton home page.  Click on that icon to get into your Live@Edu account.

3. Look for a question mark at the top right of your Live@Edu web app. Click on it and select “About” from the drop down menu.

4. You’ll get a page of information. From this page you need:

  • External POP setting: Server name, Port, and Encryption method
  • External SMTP setting: Server name, Port, and Encryption method

5. Log in to your Gmail account.

6. At the top right of Gmail, click on the gear icon and select “Mail Settings.”

7. Click on “Accounts and Import.”

8. Under “Check Mail using POP3,” click on “Add a POP3 mail account you own.”

9. In the pop-up window, put your new Live@Edu email address – for most of us, that’s firstname.lastname@scranton.edu.

10. You’ll then be asked for your mail settings:

  • Your username is your new email address – firstname.lastname@scranton.edu
  • Your password is your new password (remember, you had to reset it when you claimed your Live@Edu account).
  • POP Server – put in the server name that you found on the “About” page of your Live@Edu account.
  • Port – put in the POP port number from your “About” page.
  • Check the box for “Always use a secure connection (SSL) when retrieving mail”.
  • “Leave a copy of retrieved messages on the server”: If this box is not checked, Gmail will download the mail locally and then delete from Live@Edu. Your mail will be in your Gmail account, but that is the only place where it is stored. If you would like to access your mail via Live@Edu as well as Gmail, click this box.
  • “Label incoming messages”: You have the option to automatically put a label on all the mail coming in from this account. Labels in Gmail are like folders in other mail applications. This will help you keep your “work email” separate from your personal email, if you want to make this distinction.
  • “Archive incoming messages”: Gmail allows you the option to simply not put the messages in your main inbox. Chances are, you don’t want this button checked.

11. Click “Add Account.” Gmail will attempt to access the account and will show you an error message if it cannot.

12. Next, Gmail will ask you if you want to be able to send mail from your University email account. If so, click “Next Step.”

13. Pick your display name. Your email address should already be there.

14. “Treat as an alias” – Gmail historically has treated your added email addresses as aliases, so it treats mail sent from your scranton.edu address the same way as mail sent from your Gmail address. The option to deselect “Treat as an alias” is pretty new – see Google’s explanation here.  For most of us, you’ll probably want to continue treating your scranton.edu address as an alias, so keep this box checked.

15. Click “Next Step.”

16.  Now you have an option:

  • “Send through Gmail (easier to set up)”: This is easier. BUT, it just looks like the mail is sent from you. If you use this method, it’ll say something like sent by you@scranton.edu, but the actual electronic breadcrumbs will be myaccount@gmail.com. If you’re ok with that, go ahead and click there. They’ll send you a verification email, click the link, and you’re good to go.
  • “Send through scranton.edu SMTP servers”: This will make sure that your mail will be sent through Live@Edu’s servers.  If you select this, you’ll be given a form to type in. Use the SMTP server, port, and encryption method from your Live@Edu “About” page to fill in the remaining boxes.  Your username is still your email address – firstname.lastname@scranton.edu.

17. Click “Add Account.” Gmail will send you a confirmation email. Click the link in that email, or enter the confirmation code and click “Verify.”

18. Done!  Go back to “Accounts and Import” under “Mail Settings” to delete your old account from “Send Mail As” and “Check Mail Using POP3.”

19.  Update any listservs, etc that you subscribe to with your new address.  Don’t forget — you’ll still receive email sent to your old address (lastname2@scranton.edu), but you won’t be able to send mail from that address.


Comments : 3 Comments »
Tags: , , ,
Categories : Announcements, Email, Technology Training, Tutorials

Meeting Notes 11/11/2010

11 11 2010

Another month, another TAG meeting.  We had a packed agenda today and did our best to at least touch on each issue.

New member:

  • Anne Marie Stamford, Assistant Provost for Operations, has joined the committee as a representative for the academic administration.  Anne Marie was invited to join after we realized she was dealing with some of the same questions as TAG (e.g., how to get feedback from faculty on technology issues). Welcome, Anne Marie!

Follow-up on survey results:

  • The results from our 2010 survey on faculty communication have been posted to the TAG site, both summarized and in full.
  • Jim, Jeremy, and Kristen drafted up responses to the “Top 9” major concerns from the survey comments.  TAG members have until Monday to make any edits/suggestions.
  • What’s the best way to distribute these “Top 9” responses to faculty?  On one hand, we want to get the information out quickly rather than holding it back – and some of the issues (i.e., requesting new computers) are time sensitive. On the other hand, we do want people to actually consider and respond to the “Top 9,” not just ignore them as tl;dr.  Our current plan is to post them (individually) to the TAG site, and then send out an all-faculty email with the first response on communication, and links to the next 8 responses.  If we don’t get a lot of feedback on the other 8 responses, we can also send out updates on the next 8 posts at regularly spaced intervals (e.g., 2x/week).  Jeremy and Kristen will coordinate this with Anne Marie.
  • Sending email to all faculty that includes non-scranton.edu links is somewhat of an issue. IR wants to make sure that people are very cautious about what links they click on, in light of the many recent phishing attacks.
  • Anne Marie suggested that some of the “Top 9” responses would be of interest to staff.  She will share them with the Data Technologies group.
  • More detailed statistical analysis of the survey results is on the way.

Catalog

  • There are several reasons why faculty feel strongly about having paper copies of the catalog (e.g., ease of advising, being able to bookmark/make notes, concerns about monitor sharing…).  This seems to be a major issue mostly in CAS, where most faculty are advisors (unlike in PCPS and KSOM, which have professional advisors).
  • We posted a PDF of the catalog to the TAG site.  Anne Marie has 10 printed copies of the catalog in the Provost’s Office if anyone wants one, and she will look into printing enough copies of the catalog for all advisors next year.

Feedback from English Department

  • Teresa brought feedback from the English department on three main issues: the need for a print copy of the phone book/directory, recommendations for a WYSIWYG editor for HTML code (for the CMS), and difficulty with TSC customer service.
  • In general, TAG will respond to faculty feedback like this by 1) posting a summary of the question, with a response from TAG, to the TAG site and 2) emailing the faculty member directly with the response.
  • Kristen will coordinate with Teresa to get responses to these concerns posted to the TAG site.

Soliciting faculty feedback

  • There are several issues on which faculty feedback is needed, including the CMS (per Anne Marie), classroom mediation (per Jim), and faculty areas of technology interest/expertise.  What’s the best way for TAG to gather this information? Our communication survey was useful, but didn’t hit all faculty.
  • TAG will work on assigning liaisons from TAG to each department.  Liaisons could visit February department meetings to solicit feedback from entire departments.  They’d also be able to let faculty know that TAG exists and talk about how we can be a resource.
  • To assign TAG members to departments, Cathy will work on dividing PCPS departments between herself and Kevin, and Jeremy and Teresa will work on assigning CAS departments between them, Tim, and Kristen.  Neither SP or Sufian were in attendance, so we will ask them to choose KSOM departments.  Jim and Anne Marie will send Kristen specific questions on which they need faculty feedback.

Email and Calendaring change

  • Campus email will be moving to Microsoft Live@Edu.  To smooth this transition, TAG has offered to help IR communicate with faculty about the transition.
  • Since this is a big issue, we’ll have a meeting sometime after January specifically dedicated to the email issue.  By then, we should have some test accounts so TAG members can identify potential faculty concerns.
  • We discussed describing the change as a benefit rather than an annoyance – while faculty will have to learn a new interface, they’ll get a much larger quota and along with other new features. We also need to communicate to Google fans that, while Gmail was considered, IR did have valid reasons for choosing Microsoft.

TAG Policy

  • A few TAG members drafted a policy for codifying how TAG interacts with IR and facilitates faculty feedback into technology decisions.  We’d like the rest of the TAG members’ feedback on the draft policy, with an eventual goal of passing it up to the Faculty Senate Academic Support committee.   We’ll post the policy on the TAG site next week after all members have gotten to review it.
  • Cathy pointed out that the policy does not address all of TAG’s original goals – so we need to be clear that the document is not a mission statement for TAG but instead a single policy that defines one aspect of TAG’s goals.

Other points of discussion

  • We discussed the idea of visiting Dean’s Conferences in order to spread the word about TAG, but we agreed that checking in with the Faculty Senate would be best before approaching the Deans directly.
  • Cathy and Kristen will meet after Thanksgiving to start working on aggregating classroom technology resources for faculty.

Comments : Leave a Comment »
Tags: , , , , , , , , , ,
Categories : Classroom Mediation, CMS and University Website, Email, TAG Administrative

Campus email will switch to Microsoft Live@Edu

4 11 2010

Here on the TAG site we’ve already talked about how campus email is heading for the cloud.  Now, finally, thanks to IR, we have the news you’ve all been waiting to hear: the email system we’ll be switching to is (drumroll please)…

Microsoft Live@Edu.

There are a lot of details still to be worked out, but here’s what we know so far.

When is this happening?

  • The target date for campus implementation is June 2011.

What’s changing?

  • ALL campus email (faculty, staff, students) will move to the Microsoft Live@Edu platform.  Your email will be stored in the cloud rather than on a campus server (or your local machine).
  • We’ll have more storage space for email- everyone gets 10GB instead of 200MB. Wahoo!
  • Thunderbird will be gone.  We’ll be encouraged just to access email via a web browser, not via a desktop client.
  • You’ll keep the same @scranton.edu email address.  People emailing you won’t notice anything different.
  • Your old email can be migrated into Live@Edu, so you don’t have to worry about losing anything.  Details on migration procedures are still forthcoming.
  • Oracle CorpTime will be gone (not that many faculty members use it anyway!). Campus calendaring will be integrated with our email.
  • We’ll all get 25GB of space on SkyDrive, a cloud storage tool that you can use to access your files from anywhere.  But this isn’t replacing RoyalDrive – you’ll still be encouraged to back up your files to RoyalDrive, at least for the time being.
  • We’ll get easy access to Microsoft Office web apps – so you can do basic editing on Microsoft Word, Excel, and PowerPoint files even if you don’t have Microsoft Office installed on your home machine.
  • Mac users will be able to use Live@Edu just like PC users.

Why is the University doing this?

  • Our old email system was… well… old.
  • Cloud storage for email is MUCH less expensive than our current, on-campus system – about 50% less expensive.
  • Cloud storage is much more robust (and more secure) than storing email on your local hard drive.
  • Microsoft Live@Edu gives us some extra features that our current email system doesn’t provide –  collaboration and productivity tools, calendar integration, etc.

Why not Google?

Google was definitely considered as an option, but after much debate, Microsoft Live@Edu was selected as the best enterprise tool that would accommodate the needs of most University users.  IR shared with us a few reasons why:

  • Live@Edu integrates well with the campus’s existing systems – we already use a lot of Microsoft tools.
  • Google is an advertising-based system, and there were some concerns about ads – both that users would have to see them all the time, and that user email content would be searched and indexed so that ads could be better targeted.
  • IR wasn’t comfortable with Google’s track record on privacy issues.
  • Google doesn’t tell users *where* their data is being stored.  For the University, it’s important that data be stored *within* the United States – especially data containing personally identifiable information.

But I like Google!

  • Google fans can still forward their email to Gmail.  That said, we have to be a bit careful about this – the University has to comply with increasingly strict federal laws, like FERPA, that protect personally identifiable information.  IR is working with the General Counsel’s office to get a better feel for exactly what information makes up a student’s “educational record.”  We’ll post more about this as we get more information.

How can I find out more? How is this transition going to happen?

  • Transition plans are still being made. Jim Franceschelli is heading the project management team and has promised to keep us up to date – and we’ll post information as we get it.
  • Right now, the best way to find out more is to attend the IR Forum on Thursday, November 18, from 11:30am-1pm, at which IT Services will introduce Live@Edu to the campus community.  You’ll need to register with ITServices@scranton.eduUPDATE: If you missed it, see the slides from the Forum (ppsx).

How is TAG going to be involved?

We’ll be discussing this question at our next meeting! We have a few ideas so far, though:

  • We’ll coordinate with IR to help them get faculty prepared for this transition.
  • Jeremy and I have asked for access to some test accounts early in 2011 so that TAG members can get a feel for what barriers or significant changes faculty will be facing.
  • Jeremy and I are thinking of doing some early training for tech-savvy faculty – maybe in April or May 2011. Let us know if you’d be interested in this – you’d likely get to switch over your account early!

Questions or concerns?

  • TAG members will be compiling a list of faculty questions and concerns that we’ll do our best to answer and/or act on as the implementation plan proceeds. LET US KNOW what you’re thinking – either by commenting here or posting to the TAG Discussion List – and we’ll get back to you ASAP.

Comments : 9 Comments »
Tags: , , , , , , , , , ,
Categories : Announcements, Email, Upgrades

Past Faculty Feedback on Email

20 10 2010

For anyone who was interested in Bryan’s comment on yesterday’s email update post, here’s a PDF of the Summary Results of the Faculty Senate Email Survey that Bryan and Tim ran back in Spring 2009.


Comments : Leave a Comment »
Tags: , ,
Categories : Email

Using Gmail to read UofS Email

30 09 2010

UPDATE 1/10/2012: These instructions are for the University’s old RoyalMail system, which has been superseded by Microsoft Live@Edu. You can find updated instructions in our January 2012 post on Email Migration for Gmail Users.

————————————–

DISCLAIMER : There are important security and policy issues in regards to storing University of Scranton data on non-University of Scranton hardware.  For more information, please see the end of this document

—————————————–

If you’re like me, you’re an email pack-rat. Who knows when something might be useful? You like to hang on to emails and save them, archive them in folders, and squirrel them away until…. you fill up your email quota and go through all your emails, purging pictures and documents from years ago, shedding a few tears for each one. In this post, I’m going to walk you through what, in my opinion, is your best option: migrating everything into your Gmail account.

Why Gmail? Other than its ubiquity (you probably already have a Gmail account!), the email quota itself is worth the switch. Your email quota on RoyalMail is 200 MB, thoughpower users can increase this quota by request. Gmail’s current quota? 7498MB. That’s about 37 times more storage space, AND it keeps increasing. (Need more than that? You can get it, but Google will charge you a couple bucks a month.)

This FAQ will step you through using Gmail for all your University of Scranton email. Other options exist, of course. For example, you can set up email forwarding in RoyalMail (go to settings, mail, choose “enable mail forwarding,” and provide an address). Thunderbird is also an option, but that leaves the mail locally on your computer. Gmail is a web-based program and accessible from anywhere you can get an internet connection, and it will fetch your email is exactly the same manner as Thunderbird will.

So here’s the ever important question: How can I set up my RoyalMail in Gmail?

  1. First, get a Gmail account.  It’s free, quick, and easy.
  2. Next, once you log in, click “Settings” in the upper right hand corner.
  3. Go to “Accounts and Import” and click the button to “Add a POP3 email account”.
  4. A window will pop up asking for the email address that you would like to check. For me, it’s sepinskyj2@scranton.edu
  5. This will open a new window. Type in your password (don’t worry, it’s secure. Just make sure it says “https” in the address bar, and your browser shows you a closed padlock).
  6. Now you have to check some things and set up a couple of options (click “Learn More” in the Gmail window to get even more info). First, make sure the “POP Server” is set to “royalmail.scranton.edu” Port “110”. Gmail is usually smart enough to set this one automatically.
  7. “Leave a copy of retrieved messages on the server” : Normally, Gmail will download the mail locally and then delete from RoyalMail. Your mail will be in your Gmail account, but that is the only place where it is stored. If you would like to access your mail via royalmail.scranton.edu as well as Gmail, click this box. Be warned though, you will still have to worry about your RoyalMail quota!
  8. “Always use a secure connection (SSL) when retrieving mail.”: The University’s servers do not appear to support SSL. Make sure this box is unchecked.
  9. “Label incoming messages”: You have the option to automatically put a label on all the mail coming in from this account. Labels in Gmail are like folders in other mail applications. This will help you keep your “work email” separate from your personal email, if you want to make this distinction.
  10. “Archive incoming messages”: Gmail allows you the option to simply not put the messages in your main inbox. Chances are, you don’t want this button checked.
  11. Click “Add Account” and you should be set to check your mail! It will attempt to access the account and give you an error if you cannot.
  12. Next, you want to make sure that you can send email as your Scranton self, as opposed to your Gmail self. I definitely recommend this, as it looks much more professional. Starting from the same page: Settings -> Accounts and Import, under “send mail as”, click on the button to “send mail from another account”.
  13. Type in your name if it’s not already there, and add your Scranton email address. Click Next Step.
  14. Now you have an option:
  • “Send through Gmail (easier to set up)” : This is easier. BUT, it just looks like the mail is sent from you. It’s doesn’t actually get sent through the university servers. The only place you’ll see a difference is in the email header. If you use this method, it’ll say something like sent by you@scranton.edu, but the actual electronic breadcrumbs will be myaccount@gmail.com. If you’re ok with that, go ahead and click there. They’ll send you a verification email, click the link, and you’re good to go.
  • “Send through yahoo.com SMTP servers (recommended for professional domains)” : This will make sure that it’s not Gmail that’s sending your mail. Gmail will connect to the University’s web server, and literally tell the University’s server to send the mail – so your mail will literally be coming from the University’s computers. When you select this, you’ll be given a set up other options to type in. Simply set: SMTP Server to royalpo.scranton.edu, Port: 465, and make sure you type in your username and password. (Here, you can select SSL if you would like). Click Next, and you’ll get a confirmation e-mail that you’ll need to click. Once you get it, and follow the instructions there, you’re good to go!

Did you try it? Did it work? Let us know in the comment section below!

P.S. Anyone have any tips and tricks for how they manage their mail in Gmail?

———————————————————————————–

Follow-up from Anthony Maszeroski, Information Security Manager at The University of Scranton:

Regarding your most recent post about using Google to read your
university mail:

a.) We really should emphasize that individuals shouldn’t, in general,
be storing their University my.scranton credentials on external systems.
Some institutions have gone as far as writing this into policy.

b.) There are HUGE potential issues with storing University email on
external systems that end users need to be aware of (FERPA,
Court-ordered eDiscovery, Business continuity (access to separated
employee’s email accounts), International legal jurisdiction, PATRIOT
act requests, etc.) See attached draft.

I know that your intentions were good in publishing this article, but it
isn’t sound advice to do this for University-provided email accounts
that are used to conduct official business.

Draft of Potential Security Issues


Comments : 1 Comment »
Tags: , ,
Categories : Email, Technology Training, Tutorials