School Directory

Privacy Matters

Privacy Matters

Google Apps & Privacy in Wetaskiwin Regional Public Schools

Wetaskiwin Regional Public Schools (WRPS) values the personal information that we are responsible for, and it will be used for the purposes as outlined in our FOIP Declaration for WRPS.

WRPS has extensively reviewed Google Apps for Education's privacy policies and security measures and are satisfied that it protects the privacy of users (staff and students) as they use these tools.  

All of our privacy documentation is available upon request (and most of it is included in this site).

      

Ownership and Types of Data on Google

WRPS data (staff and student email, documents added to or created in Drive or Google Sites) are saved on Google servers.  Google does not currently have server facilities in Canada, so this data is saved in the US and is subject to US law.  Staff and student records, including student grades, demographic, and other data are not saved on Google servers. This data is stored internally or on our SIS vendor servers.

In 2010 Edmonton Public Schools completed a detailed Privacy Impact Assessment (accepted by Alberta's Privacy Commissioner) and Edmonton Public Schools is satisfied that Google Apps for Education (which differs from public Google or Gmail accounts) meets their requirements for security and privacy.  WRPS has closely modeled our Privacy Procedures and Policies around Edmonton Public Schools’ work.

Specifically:

All of a user's data is owned by the user and Wetaskiwin Regional Public Schools and Google makes no claim on the content. Here's what they have to say:

Google Apps is governed by a detailed Privacy Policy, which ensures we (Google) will not inappropriately share or use personal information placed in our systems.

  • The Google Apps Terms of Service contractually ensures that students, faculty, and staff are the sole owners of their data.

  • Because faculty, staff & students own the data they put into Google Apps, we believe it should be easy for your users to move their data in and out of our systems.

  • The controls, processes and policies that protect user data in our systems have obtained a SAS 70 Type II attestation and will continue to seek similar attestation.

  • Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail their obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations.

  • Google is registered with the US-EU Safe Harbor agreement, which ensures that their data protection compliance meets international standards.  

Although these laws have no legal standing in Alberta or Canada, WRPS believes that they do demonstrate Google’s commitment to the protection of personal information of our users.

At WRPS we are using Google Apps for Education for staff and student email, documents, presentations, websites, etc. (i.e. data).  The data we are collecting and which will be stored on Google's servers also includes student login information (First Name, Last Name, User name), and their network login password. Passwords are encrypted and are cannot be read by neither WRPS staff  nor Google.  

WRPS is confident that Google Apps for Education privacy and security policies regarding the protection of personal information is in accordance with our district policies.  However, under U.S. law our district cannot guarantee against the possible secret disclosure of information to a foreign authority (e.g. NSA) as a consequence of foreign laws.    Similar laws exist in Canada.  WRPS is aware of and comfortable with the risk associated with a possible "secret disclosure" and are willing to live with this risk in order to benefit from the educational and collaborative features of Google Apps for Education.

Back to Privacy Matters

Access to Personal Information

Remember that your WRPS username and password are all that are needed to access your account, so it is very important to keep your password secure, and to change it periodically.

The following persons, positions or employee categories have access to student logins, and through this, to their Share (Google) Apps accounts and information:

Global access to all Share (Google) Apps accounts (staff or student), account settings (usernames,passwords, alias'), user-created sites:

  • WRPS Google Apps domain administrators (WRPS District Technology staff).

The domain administrators can:

  • Monitor email and chat (with cause following our WRPS Admin Procedures);

  • View statistics regarding your account, such as information concerning your last login or data storage usage;

  • Reset your account password, suspend or terminate your account access and your ability to modify your account;

  • Access or retain information stored as part of your account, including your email, contacts and other information; and,

  • Receive account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

  • Delete your account and all data associated with that account.  

  • With GoogleApps, students/staff can export their files when they leave the District.  The GoogleApps administrator for WRPS will determine when data will be removed/deleted from GoogleApps.  Under normal circumstances accounts will be deleted one year after the user leaves the district.

Access to individual staff and student accounts (both Share (Google) Apps and WRPS Network resources):

  • School designates, school administrators, and SIS personnel have access to student accounts at their assigned schools.

  • These persons can:

    • Access or retain information stored as part of your account, including your email, contacts and other information; and,

    • Receive account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.

Google employees will access your account data only when an one of the WRPS domain administrators grants Google employees explicit permission to do so for troubleshooting purposes. During the course of troubleshooting an issue or other investigation, the Google Support team may ask for the creation of a test administrator account, solely to be used to resolve the particular issue at hand.

In addition Google employees or automated systems may also take down any content that violates the Terms of Service. See the Privacy section below for more information about Google's access to your account.

Age Restrictions in Google Apps EDU

From Google:

If you are using Google Docs within Google Apps Education Edition for your school domain, it is the school jurisdiction’s responsibility  to ensure that the provisions of the FOIP Act are met.  This includes ensuring the security of the data, limiting access and notifying parents that the data is stored outside of Canada and subject to U.S. laws.   Parental consent under the FOIP Act is required when the school district/school discloses personal information of students to 3rd parties that are outside of the district (that we have not contracted service to).  

Google Apps is an extension of the classroom and we do not ask parent consent for students to access Google Apps.  Per the Google Apps Education Edition Agreement, any school administering Google Apps Education Edition acknowledges and agrees that it is solely responsible for compliance with The FOIP Act, including, but not limited to, making parents aware of the collection of students' personal information used in connection with the provisioning and use of the Services by the Customer and End Users.

If students/schools are posting information outside of Google Doc where the general public may have access to the information or 3rd party applications are collecting personal information then parent consent is required.

Parental notification could take place in form of a “Technology Responsible Use Agreement" which makes users and parents aware of the use of Google Apps and/or other technology services at the school, or an informational letter sent home. For more information on complying with The FOIP Act click on the link http://www.servicealberta.ca/foip/

WRPS schools will notify parents via a letter and through our new Responsible Technology Use Agreement.

Confidential Information and How Google Handles It

Google operates one of the most robust networks of distributed data centers in the world (read more about them here). The protection of the intellectual property on these servers is critically important to us -- in fact, employees at Google, Inc. rely upon the same Apps production environment used by our education customers.

Google Apps brings you the latest technologies and some of the best practices in the industry for network application security and user privacy, as summarized below:

  • It's your content, not ours. Your Apps content belongs to your school, or individual users at your school. Not Google.

  • We don't look at your content. Google employees will only access content that you store on Apps when an administrator from your domain grants Google employees explicit permission to do so for troubleshooting.

  • We don't share your content. Google does not share personal information with advertisers or other 3rd parties without your consent.

  • We sometimes scan content. And for very good reasons, like spam filtering, anti-virus protection, or malware detection. Our systems scan content to make Apps work better for users, enabling unique functionality like powerful search in Gmail and Google Docs. This is completely automated and involves no humans.

  • Note that there are a few common-sense exceptions to the points above, like valid legal processes and maintaining the safety and security of our systems. For more information, see our detailed Privacy Policy, Privacy Principles, and Terms of Service.

The section below is from section 6 of the Google Apps for Education Agreement

  • 6.1 Obligations. Each party (Google and Wetaskiwin Regional Public Schools) will: (a) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information; and (b) not disclose the Confidential Information, except to affiliates, employees and agents who need to know it and who have agreed in writing to keep it confidential. Each party (and any affiliates, employees and agents to whom it has disclosed Confidential Information) may use Confidential Information only to exercise rights and fulfill obligations under this Agreement, while using reasonable care to protect it. Each party is responsible for any actions of its affiliates, employees and agents in violation of this Section.

  • 6.2 Exceptions. Confidential Information does not include information that: (a) the recipient of the Confidential Information already knew; (b) becomes public through no fault of the recipient; (c) was independently developed by the recipient; or (d) was rightfully given to the recipient by another party.

  • 6.3 Required Disclosure. Each party may disclose the other party’s Confidential Information when required by law but only after it, if legally permissible: (a) uses commercially reasonable efforts to notify the other party; and (b) gives the other party the chance to challenge the disclosure.

Protecting your Network Login ID and Password

 Staff and students in WRPS access Google Apps using their Google For Education network login ID's and passwords.

It is important for all users to protect their passwords.  Some tips for protecting your password include:

  • Do not give your password to anyone else, except in the case of students sharing their password with their parents or legal guardians (your teachers have access to this information already).

  • Do not write your password down.  Memorize it.

  • If you change your password make it into something that is easy for you to remember, but not easy for others to guess.

  • Do not use your login name as your password

  • A good idea is to use a jumble of letters and numbers that mean something to you.  For example, if your grandparents love going to Phoenix every winter, how about gmagpaluvsun or something like that (you get the idea).

  • If you feel like your password has been compromised, let your teacher know as soon as possible and then change your password.  Staff notify school administration or school designate

  • instructions for changing your password

Awareness Of Terms Of Use And Privacy Information For Users Accessing Share (Google) Apps

Wetaskiwin Regional Public Schools will make all reasonable efforts to ensure that all Share (Google) Apps users (staff and students) are made aware of the district's acceptable use guidelines. Students who will have Share (Google) Apps accounts created must not only agree to the "Google Apps terms of service" (presented to them the first time they log in, see below), but they, along with their parent or legal guardian, must also review the Technology Responsible Use Agreement  and the Letter of Google Information Sharing or we change use agreement which includes the portal section to their existing student technology use agreement

Additional privacy information is linked on the WRPS site under Privacy Matters.

Our responsibility under the FOIP Act is to ensure that WRPS has made reasonable security arrangements to protect personal information against such risks as unauthorized access, collection, use, disclosure or destruction.  In addition WRPS needs to inform users as to what information we're collecting and which information Google may use and have access to, and that their data including e-mail will be stored outside of Canada and subject to foreign laws.

For example, in order to set up students with Google Apps accounts we will set up synchronization between our Active Directory (AD) and Google. What this means is that a students first & last name, username (e.g. t.dude) will be sent to Google but will NOT be associated with a school name. In effect, a student’s personal information (name) is stored on Google servers.  Student and staff passwords are sync'ed with Google using a secure process.  At no time is your WRPS password readable by Google as it is sent and stored in an encrypted format.

Staff and students should also be aware of who has access to their accounts and information stored on Google. This includes notification of what the domain administrators (at WRPS) can do with their account:

  • Google's privacy policy is quite clear about who owns the data, and who has access to the data. These are outlined in the FAQ section below, but basically, Google only accesses aggregate information to improve service.  In addition, Google follows the Safe Harbour principles and they are registered with the U.S. Department of Commerce's Safe Harbour Program.  Although these laws have no legal standing in Alberta or Canada, EPS believes that they do demonstrate Google’s commitment to the protection of personal information of our users.

Privacy Risks and Mitigation Plan for Google Apps for Education in Wetaskiwin Regional Public Schools

Google Apps uses "cloud computing services".  Cloud computing services involve "a software and server framework (usually based on virtualization)" that uses "many servers for a single software-as-a-service style application or to host many such applications on a few servers." 

 Google Apps (Google Applications) used within Wetaskiwin Regional Public Schools include:

  1. GMail - Google's encrypted email program.  30 GB of storage, no advertising, Google Spam filtering and built-in Message Security administered at both domain and user level. Users can import or export mail, contacts and settings to and from other applications easily.

  2. Calendar - encrypted scheduling application.  Event details on a user's Google's calendar are private by default, but free/busy information is shared with other domain members unless turned off under "Settings".

  3. Contacts - encrypted global address book includes all users in the domain (staff and students).  Staff are identified by school and department, students just by grade level.  Users can add personal contacts as well.

  4. Drive (formerly Docs) - encrypted online storage with a productivity suite including a word processor, spreadsheet, presentation, drawing and form editor. Videos and photos (including *.psd files) uploaded can be viewed online in the browser.  Each user has 5GB of storage space online for any type of file, not including items converted to Google Docs.  Any files uploaded or created on Google Docs private by default, and are not shared unless expressly indicated by users. Users can export all files that they own in a variety of formats at any time using a simple export menu.

  5. Sites - encrypted  website/wiki building application.  During the site creation process users are prompted to either "Share with everyone in gshare@wrps11.ca" (default), sites will share internally only

  6. Google+ - Internal Social-media application. Default sharing is internal to gshare.wrps11.ca staff only. Student accounts are disabled.