Skip to main content

Cornell University

IT@Cornell

Google Workspace Privacy and Security

This article applies to: Cornell Google Workspace for Faculty and Staff , Cornell Google Workspace for Students

Cornell's commitment to privacy has not changed as a consequence of offering Google Workspace, a cloud-based service. 

As with all decisions that Cornell makes regarding information technologies, privacy and security are key elements. In addition, Cornell remains committed to freedom of expression. The Office of University Counsel managed the contract negotiations with Google to ensure that Google meets the university's expectations for freedom of speech, privacy, and security.

The process used to select Google Workspace included a review of Google's privacy and security practices. Google provided satisfactory responses to the university's detailed inquiries and requirements about those aspects of their respective services.

Among those areas of concern were requirements that the vendor would not have any rights to access user content stored in emails or files in personal web space, or contained as part of any productivity applications. Google agreed to Cornell's requirements in the context of its privacy policy. Specifically, under Cornell's agreement:

  • Google is considered a designated School Official as defined by the Family Educational Rights and Privacy Act (FERPA), and therefore Cornell-provided G Suite services are sanctioned for storing student data. This use is only permitted for Google Workspace accounts that are provisioned by Cornell using Cornell NetIDs.
  • Use of Cornell-provided Google Workspace services for other regulated data is not sanctioned. Cornell-provided Google Workspace services cannot be used for Health Insurance Portability and Accountability Act (HIPAA) data, Payment Card Industry (PCI) credit card data, Gramm-Leach-Bliley Act (GLBA) financial information, Export Controls (federally restricted data that cannot be exported to other countries or be accessed by non-US persons), or data covered by the Cornell Institutional Review Board (protection of human subjects).
  • Cornell faculty, staff, and students are responsible for applying the appropriate security settings to files or forms created in Google Workspace to prevent inadvertent sharing or data leaks.
  • Cornell-provided Gmail accounts are subject to Cornell's email stewardship policy.
  • Cornell faculty, staff, and student users of Cornell Google Workspace accounts are required to authenticate with Two-Step Login when signing in.
Caution: Personal Google Workspace accounts, including personal Gmail addresses, as well as Google Workspace accounts provided by non-Cornell entities, are not sanctioned for storing FERPA-covered data. University data that exists in personal accounts must be transferred to a Cornell-provided Google Workspace account (or other sanctioned location) to be compliant with FERPA. 

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.