Understanding the Microsoft and Google Terms of Service Notification
This article describes the Terms of Service contract the Virginia Tech has signed with Microsoft and Google relating to their data handling and unauthorized use of services.
Microsoft's Microsoft 365 and Google's Google Workspace for Education - Terms of Service Notification
A Virginia Tech user's new accounts have been automatically licensed to access Virginia Tech contracted Microsoft's Microsoft 365 and Google's Google Workspace for Education services. If a user decides to utilize these services, they are agreeing to abide by the terms for those services. The following are some parts of Virginia Tech's contract with Microsoft and Google that are applicable to their usage of the services and should be reviewed and understood before using:
- Microsoft and Google will store and process a Virginia Tech end user's data (generated, transmitted, or displayed), with the same security standards used to process Microsoft's and Google's own information of a similar type.
- Microsoft will transfer, store, and process data only within Microsoft’s United States based data centers. Google reserves the right to transfer, store, and process data in any of Google's data centers (within or without the United States).
- Virginia Tech owns intellectual property rights of their own data, while Microsoft and Google own property rights of their Services.
- If any data is confirmed as deleted by the user, then that data is deleted from the Microsoft and Google systems, and the data is no longer accessible or recoverable by the end user.
- Microsoft and Google realize that end user data may contain personally identifiable information (PII) from education records that are subject to FERPA and, to the extent that the end user data includes FERPA records, Microsoft and Google will be considered as "School Officials" (as the term is used in FERPA and its implementing regulations) and will comply with FERPA.
- Data that you create, upload, download or sync between local systems (such as your desktop, laptop or smart device) and Microsoft 365 and Google Workspace for Education offerings (such as (but not limited to) SharePoint Online, Microsoft Office Online, OneDrive for Business, Google Docs, Google Drive, etc.) should not be data that can be classified as restricted. Specifically, data that can be identified as ITAR/DFARS (International Traffic in Arms Regulations/ Defense Acquisition Regulations System), HIPAA (Health Insurance Portability and Accountability Act), CUI (Controlled Unclassified Information), or PCI (Payment Card Industry).
- Virginia Tech will use commercially reasonable efforts to prevent and terminate unauthorized use of Services and will notify Microsoft and Google of any unauthorized uses.
- Microsoft and Google can request suspension of end user account’s service if Microsoft or Google become aware of an end user's violation of the Microsoft 365 or Google Workspace for Education agreements. If Virginia Tech does not comply with the request, then Microsoft or Google can suspend the transgressing account’s service. The suspension will remain until the end user has resolved the breach that caused the suspension.
- Microsoft and Google may automatically suspend an account’s service in the case that the account might provide unauthorized third-party access to the Services or potentially disrupt Services, other users' use of Services, Microsoft network or Google network or servers used to provide the Services.
- Designated Virginia Tech administrators have the ability to access, monitor, use, or disclose data available to end users within end user accounts.
- At any time, designated Virginia Tech administrators can delete an end user and their data from Microsoft and Google services. Alternatively, an administrator can suspend an end user or change their password such that their data is accessible to the organization but not the end user.