The Chronicle of Higher Ed has an audio interview with Paul Turner from Notre Dame about their migration of 12,500 students to Gmail.

As readers of this blog know, my issue with these kinds of implementations revolves around privacy concerns. Unfortunately, in this interview they confuse privacy issues with security issues. They claim, probably correctly, that Gmail is very secure and probably more secure then their previous email system. While this prevents other people from getting access to students email, it does nothing to prevent Google from accessing the student data.

Having said that, I think there is little risk of Google misusing the user data with which it has been trusted. Details are provided on their Security and Privacy FAQ, which outlines that they only give third-parties access to data when required to do so by law.

This is, of course, where the situation becomes murky for non-US universities. US universities are already subject to the Patriot Act, so whether the data sits on their servers or Google's makes little difference. For Canadian universities, for example, moving student email to Gmail changes the risk profile considerably, unless Google has hosting facilities in Canada, which I doubt.

Universities are going to be under increasing pressure to consider outsourcing IT services to companies like Google. While the cost savings may be real, it is important that we consider the full impact of these changes, and that we don't sacrifice our rights (or the rights of others) to save a few dollars.