That is a little different. Google makes it clear to colleges and
universities that their mail system is not to be used for HIPAA
stuff there is no guarantee of privacy. This is different than a
run-of-the-mill class. There are legal restrictions in place on medical
communications and in fact the university shouldn't have even emailed
you an unencrypted email in the first place.
And many colleges already understand this. For example when University
of Washington - originator of the IMAP protocol - replaced their
email system with Gmail a few years ago, they retained their mail
system for use by the medical college.
I understand where you are coming from on the business email issue but
the reality is that the millennial generation isn't listening. However,
don't blame them. The moment that the first employer looked up a
job candidate's Facebook posts, that wall between business and personal
was breached. And that was done long before the millennial generation
started intermixing the two.
Unless employers are willing to take a hands-off attitude to employees
personal online activities, then their demands that employees use the
"blessed' mail system are going to continue to be ignored. They cannot
have their cake and eat it too and if they insist on it then their
employees just won't go to work for them - and in fact may setup
competing businesses and put them out of business. And so far employers
seem to be insisting that employee's personal activities outside of work
are fair game.
So, I think your fighting a losing battle - in another generation the
statement "you can't just use your own random @gmail.com account for
business purposes" will have absolutely no meaning.
Ted
On 3/16/2016 1:11 PM, Dave Warren wrote:
On 2016-03-15 14:15, Ted Mittelstaedt wrote:
I agree with you on that one. There's a big push among colleges to push
students to use their "blessed" mailsystems. They don't want students
emailing instructors from the student's gmail account, they want the
students emailing the instructors from the college-provided gmail
account.
I would too. If nothing else, this prepares students for the real world,
where you can't just use your own random @gmail.com account for business
purposes either.
I've walked away from a university study after getting an email from and
CC'd to some random @gmail.com/@hotmail.com addresses requesting further
medical information to confirm placement in the study. I filed an
official ethics complaint as the preliminary medical information I
submitted was supposed to be held safely and all data is supposed to be
protected, revealed only to me, my doctor, and otherwise anonymized
before any dissemination, yet was CC'd to multiple providers and now is
subject to their marketing department's whims, within the range of third
party privacy policies in other countries.
Information security is hard, mostly because of users, and it takes
practice. Accepting and trusting inbound email from random addresses is
what brings us to
https://krebsonsecurity.com/2016/03/thieves-phish-moneytree-employee-tax-data/
