Skip to main content

G Suite Privacy and Security


How can Cornell safeguard privacy for services provided by Google?

Cornell's commitment to privacy has not changed as a consequence of offering G Suite. 

As with all decisions that Cornell makes regarding information technologies, privacy and security are key elements. In addition, Cornell remains committed to freedom of expression. The Office of University Counsel managed the contract negotiations with Google to ensure that Google meets the university's expectations for freedom of speech, privacy, and security.

The process used to select G Suite included a review of Google's privacy and security practices. Google provided satisfactory responses to the university's detailed inquiries and requirements about those aspects of their respective services.

Among those areas of concern were requirements that the vendor would not have any rights to access user content stored in emails or files in personal web space, or contained as part of any productivity applications. Google agreed to Cornell's requirements in the context of its privacy policy. Specifically, under Cornell's agreement:

  • Google is considered a designated School Official as defined by the Family Educational Rights and Privacy Act (FERPA), and therefore Cornell-provided G Suite services are sanctioned for storing student data. This use is only permitted for G Suite accounts that are provisioned by Cornell using Cornell NetIDs.
  • Use of Cornell-provided G Suite services for other regulated data is not sanctioned. Cornell-provided G Suite services cannot be used for Health Insurance Portability and Accountability Act (HIPAA) data, Payment Card Industry (PCI) credit card data, Gramm-Leach-Bliley Act (GLBA) financial information, Export Controls (federally restricted data that cannot be exported to other countries or be accessed by non-US persons), or data covered by the Cornell Institutional Review Board (protection of human subjects).
  • Cornell faculty, staff, and students are responsible for applying the appropriate security settings to files or forms created in G Suite to prevent inadvertent sharing or data leaks.
  • Cornell-provided Gmail accounts are subject to Cornell's email stewardship policy.
Caution: Personal G Suite accounts, including personal Gmail addresses, as well as G Suite accounts provided by non-Cornell entities, are not sanctioned for storing FERPA-covered data. University data that exists in personal accounts must be transferred to a Cornell-provided G Suite account (or other sanctioned location) to be compliant with FERPA. 

Was this page helpful?

Your feedback helps improve the site.

Comments?