A recent letter from Gary Allen, University of Missouri vice president for information technology and the chief information officers at UM System campuses, has voiced concern about the use of third-party information technology services also known as “cloud” services.
Cloud services are IT applications and services accessed through the Internet in which the location of the infrastructure are unknown to the user or to the University.
The letter expresses concerns surrounding issues of adequate protection of data stored in the “cloud” environments, appropriate terms and conditions to protect the University and its employees and customers, meeting federal and state data privacy and security requirements, and the use of information for undesirable or unethical purposes.
“The University has a variety of policies intended to affect the privacy, security, availability and integrity of University data and that of our customers — policies that are often bypassed when cloud services are adopted. These policies were developed to help employees comply with laws and regulations such as FERPA, HIPAA, Federal Trade Commission regulations about financial information and identity theft, GLBA, Federal rules for the handling of evidence, open records laws, export control regulations and more. Additionally, University employees do not have the authority to agree to license agreements (so called shrink-wrap or click-through licenses) and therefore, may be putting themselves and the institution at risk.
“As your schools, colleges and departments consider subscribing to or utilizing cloud services, please keep in mind that unless the appropriate channels are followed, you and your users may be placing yourself, your customers and the University at risk.”
Read the letter in its entirety.