Reasons to use Purdue email systems
In other words, reasons not to forward your Purdue email to a non-Purdue email service:
1. Purdue email is considered an official Purdue record.
- Public Records: http://www.purdue.edu/business/records/Public_Records/index.html
- Email Policy: https://www.purdue.edu/policies/information-technology/s7.html
2. Purdue is legally liable to protect and retain Purdue records, including student information regulated by FERPA that may be conveyed in email and email attachments.
- Purdue Email Policy: Users are reminded that any e-mail sent from a University Email Account or residing on University Email Services may be considered a public record under the Indiana Public Records Act (IC 5-14-3) and may be subject to disclosure. Users need to exercise judgment in sending content that may be deemed confidential or that they otherwise do not wish to be disclosed. Furthermore, email transmissions may not be secure, and contents that are expected to remain confidential need to be communicated via means other than email. Common examples of confidential contents include: student grades, personnel records, individual donor gift records, personally identifiable information, and data subject to federal and state laws or regulations, including but not limited to, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA) and the Gramm Leach Bliley Act (GLBA).
3. Using consumer email systems for Purdue email, when not contractually obligated to Purdue, causes Purdue to lose control of records, and circumvents Purdue access controls. Purdue has created access controls to protect and provide secure access to email. The security of 3rd party email systems cannot be guaranteed by Purdue. While some email users may be able to safely forward their Purdue email to a non-Purdue email account, employees who handle official Purdue data are bound by Purdue policy to ensure that Purdue data remains protected in ways that comply with all applicable laws and regulations.
4. The Purdue records retention policy must be complied with even if Purdue email is forwarded to a non-Purdue server.
5. Consumer email systems are typically commercial data-mining systems. Purdue students and employees may not consent to having the content of their email messages forwarded to, or entered into, a commercial data-mining system and tracked/indexed or potentially targeted with advertising, etc.
6. Caching a Purdue career account username password within a consumer email system (not an email client, but email systems/servers) that Purdue has not legally contracted puts Purdue systems and/or accounts at risk. Some non-Purdue email systems will offer to log into your Purdue email account on your behalf and pull your Purdue email onto their servers. It is OK for users to do this for their personally owned email and their own data, but this practice can put the data of students, and Purdue data in general, at risk.
7. When forwarding all Purdue email to a personal email account, a freedom of information act records request could impact someone’s personal account, and potentially bring personal email into litigation. Or it could cause Purdue to become out of compliance with laws that require Purdue to control and access Purdue-owned data.