Security and privacy information for SaintMail
Is my SaintMail account secure and private?
This service is being provided by the University as the primary email/collaboration system for eligible students.
University policies apply to the service and SaintMail accounts have been customised for optimal educational collaboration. The University of St Andrews has taken steps to ensure that your student data is protected above and beyond a publicly available Google account.
Where are my emails stored and how is my personal data being handled?
This information is stored in multiple Google Data Centres. The European Directive on data protection requires member states to enact legislation requiring organisations to comply, as data controllers, with eight principles of good information handling:
- Personal data shall be processed fairly.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose(s).
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up-to-date.
- kept for no longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects (users of Google Apps in this case) under the Data Protection Act 1998.
- Personal data shall be kept secure with appropriate technical and organisational measures taken to protect the information.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection.
The eighth of these principles recognises that jurisdictions outside the European Economic Area (EU member states plus Norway, Liechtenstein and Iceland) may not legislate for as high a standard of data protection, and places restrictions on the transfer of personal data outside the EEA. The European Commission has determined that an arrangement put in place by the US Department of Commerce - known as the 'safe harbour' - provides adequate protection for personal data transferred from the EEA. Google has agreed to adhere to the set of data protection principles recognised by the Commission.
I hear that Google reads my email. Is this true?
Although they do not read your email, software (not a person) does scan your mail and compile keywords for use in targeted advertising on their other sites. For example, if the software looks at 100 emails and identifies the word 'chocolate' or 'camping' 50 times, they will use that data for advertising on their other sites. Please note that Google has eliminated advertisements from their education offerings for all active students.
How do I ensure that my data stays secure when I'm using a shared or public computer?
IMPORTANT WARNING: Click the "sign out" button then close the Web browser (e.g. Internet Explorer, Firefox, etc.) when you are finished using your SaintMail account on a shared or public computer.
If you do not close the Web browser it will not end your session and the next user will have full access to your SaintMail account, this is due to the University utilising SSO.
Where can I find out more information about data protection within the University?
Please address any concerns to the data protection co-ordinator who can be reached at firstname.lastname@example.org.