Google Privacy and Security Frequently Asked Questions (FAQs)
Find answers to your most common questions about using privacy and security with Google Workspace for Education at CMU.
Are there any restrictions for using Google?
The university may not use Google for High Risk Activities, for data that is controlled for export under Export Control Laws, or in ways that reverse engineers, resells, or creates similar services through the use of Google.
Does Google comply with FERPA (Family Educational Rights and Privacy Act) obligations?
Google is considered a “School Official” and will comply with the requirements and obligations of School Officials under FERPA.
Does Google know my Andrew account password?
Does my CMU Google mail display advertisements, like my personal Gmail account?
No, ads are disabled for CMU Google Mail.
How does Google handle security breaches?
Google complies with applicable laws and notifies customers directly in the most expedient time possible. Depending on the situation, Google may automatically suspend the offending user and inform the university’s administrator.
How does Google manage decommissioned discs/disc erase?
When discs that contain customer data experience performance issues or errors they are decommissioned by Google. Every decommissioned disk is subject to a series of data destruction processes before leaving Google premises. Discs are erased in a multi-step process and verified complete by at least two independent validators.
How is on-site security handled in these locations?
Each Google data center maintains an on-site security operation responsible for all physical data center security functions 24/7. The on-site security operation personnel monitor Closed Circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly. Google employs a centralized access management system to control personnel access to Google production servers, and provides access to a limited number of authorized personnel.
Is my data encrypted?
Customer data that is uploaded or created in G Suite services is encrypted at rest. HTTPS is also enabled for all G Suite services so that your data is encrypted when traveling from your device to Google and also while in transit between Google data centers.
What does Google do to avoid service interruptions?
What happens to our data if we terminate our agreement with Google?
Google provides customer access and the ability to export their data for a reasonable period of time. After this time, Google will destroy/overwrite the data.
What is our agreement with Google in terms of intellectual property rights?
Our agreement with Google does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As a Google customer, we (university/end user) own all intellectual Property Rights in customer data; conversely, Google owns all intellectual property rights in the services.
Where is my Google data stored?
Google data is stored in a vast number of geographically distributed data centers that are owned/managed by Google. These centers adhere to, at least, industry standard systems and procedures that ensure security and confidentiality and protect against threats, hazards and unauthorized access.