Google Desktop:
A Security and Privacy Risk

A new feature added to the Google Desktop 3.0 program for Windows computers poses serious risks to the security and privacy of personal and Penn institutional data. Google Desktop is a search tool that lets you search all the information on your computer and other computers as well.

In February, Google added a new “search across computers” function.  This feature places images of your personal and work-related files on Google’s servers so you can search the contents of one computer from another. If your email or Instant Messenger conversations are stored on your computer, Google Desktop will index them and store them on Google’s servers. There are options for configuring what data is uploaded to Google, but if Google Desktop is configured incorrectly, you can unknowingly transmit copies of restricted data for storage on Google’s servers.

It is recommended that no one use Google Desktop on computers used for Penn business. This is especially true for faculty and staff with confidential HIPAA, FERPA, or other confidential or legally protected records stored on their computers.

If you use Google Desktop for your personal computer (one not used for Penn business), the article at the following address describes some limited options for protecting your data: www.itd.umich.edu/itcsdocs/s4340/.