What should I know about Email Data Protections?

This FAQ was last modified on: Thursday, June 8, 2017 01:30pm
Category: 

Don't have any options to forward your email?  Being moved to the Hosted Exchange service?  You have questions, we have answers!

Summary

You may have a forwarding restriction on your mailbox because one of the following 2 criteria:  

1. You work with or are listed on a Technology Control Plan that handles Export Control or Classified data;

2.  Your department prohibits external forwarding.  

Note: If you are uncertain of which criteria you fall under, please send an email to support@oit.gatech.edu or you can reach out to your local Computer Support Representative.

More information on Data Handling and Classifications:

 GA Tech offers two email services for our faculty, staff, and students:

  • Office 365 Outlook (for most users)
  • On-Premises Outlook (for individuals with a security clearance)
Individuals working on or with access to Category III or Category IV data must use on of the two GA Tech provided email systems in order to ensure all Federal and Institute requirements are met. For individuals with Sensitive or Export Controlled Sponsored research, these restrictions and flags will remain in effect for 5 years after the termination of your award(s)Individuals working on or with access to Category III or Category IV data must use on of the two GA Tech provided email systems in order to ensure all Federal and Institute requirements are met. For individuals with Sensitive or Export Controlled Sponsored research, these restrictions and flags will remain in effect for 5 years after the termination of your award(s)
In addition to Sensitive or Export Controlled research, faculty or researchers may find that they have other data that would prohibit systematic email forwarding.  Many other types of data and email are protected by Federal Regulations and Institute Policy.  Faculty and Researchers should be aware that Users with Category III data as described in the GIT OIT Data Security Classification and Institute Data Access PolicyEmail Data Protection Policy and Computer & Network Usage and Security Policy (CNUSP) may not systematically forward their email to a third party provider.
It is noted in Institute Policy:

Data Users must use official Georgia Tech email services when emailing Category III data. Using third party email/storage services (e.g. Gmail/Google Drive, Outlook.com, Yahoo Mail, and non-GT Office 365 account) to send or store Category III data is prohibited.

Email Data Protection Policy:

Employee Email Forwarding

Most users of the Microsoft Office 365 central email service are allowed to systematically forward their email to third party email service providers.  Users that have Category III or Category IV data as described in the GIT OIT Data Security Classification Handbook may not systematically forward their email to third party email service providers.  Individuals who work on Sponsored research, Export Controlled research, or research with access or dissemination controls, or have access to Proprietary data, or data under a non-disclosure agreement (NDA), or users within some home departments may not systematically forward their email to third party email service provider.  Georgia Tech employees who have their email in the on-premises Microsoft Exchange hosted with Georgia Tech Research Institute will not be allowed to systematically forward their Georgia Tech email to third party email service providers (e.g. Gmail, Yahoo! Mail, Outlook.com).  Georgia Tech Research Institute employees with permission from their Lab Director may systematically forward their email to a third party email service provider if none of the above restrictions apply.

Common Misconceptions:

  • You can still use IMAP to check your email in your favorite email client:  Eudora, Thunderbird, Mac Mail, etc.
  • You can change your From email address in PassPort.  It's your published address.
  • You will still receive email for ALL your GT email addresses.  They will all be delivered to your Office 365 or Hosted Exchange mailbox.
  • If you are using Office 365 Outlook, you can still connect with your mobile device.

Common, sometimes overlooked, examples of Category III data include:

  • Data/information marked with any of the following: For Official Use Only (FOUO), Official Use Only (OUO), Controlled Unclassified Information (CUI), Limited Distribution, or Proprietary
  • Research Data (including research data on Human or Animal subject, Biochemical or DURC)
  • Personally identifiable information (PII)
  • Data under a Non-Disclosure Agreement (NDA) or Proprietary Information Agreement (PIA)
  • Export Controlled data
  • Technology Licensing and Invention Disclosure Information
  • Intellectual Property Information Owned by the Institute
  • Active Library Circulation Records
  • Security Camera Recordings
  • Chematix Chemical Tracking System
  • Building HVAC Monitoring/Control Data
  • BuzzCard System, Continuum System, Building Safety Plans
  • Student Records Excluding Directory Information
  • Financial Aid and Grant Application Information
  • Login Passwords
  • Individual Benefits Elections
  • Social Security Numbers (SSN) (faculty, staff and students)
  • Credit card numbers

If you are experiencing any difficulties with your email or have additional questions, please reach out to your local CSR or to support@oit.gatech.edu.