Can We Abandon Confidentiality For Google Apps?

An anonymous reader writes "I provide IT services for medium-sized medical and law practices. Lately I have been getting a lot of feedback from doctors and lawyers who use gmail at home and believe that they can run a significant portion of their practice IT on Google Apps. From a support standpoint, I'd be happy to chuck mail/calendar service management into the bin and let them run with gmail, but for these businesses, there is significant legal liability associated with the confidentiality of their communications and records (e.g., HIPAA). For those with high-profile celebrity clients, simply telling them 'Google employees can read your stuff' will usually end the conversation right there. But for smaller practices, I often get a lot of push-back in the form of 'What's wrong with trusting Google?' and 'Google's not interested in our email/calendar.' Weighing what they see as a tiny legal risk against the promise of Free IT Stuff(TM) becomes increasingly lopsided given the clear functionality / usability / ubiquity that they experience when using Google at home. So my question to the Slashdot community is: Are they right? Is it time for me to remove the Tin Foil Hat on the subject of confidentiality and stop resisting the juggernaut that is Google? If not, what is the best way to clarify the confidentiality issues for these clients?"

Re:Slashdot layout broken AGAIN

[Scrameustache]

Why does the story header appear *red* instead of the usual green? (Firefox 3.5 on Vista)

It does that when the story is brand spanking new, I think. It means you're getting the freshest of slashdot's offerings, rejoice!

Re:Say hello to your lawyer

[Red Flayer]

Oh crap. The cat's out of the bag.

Unsubmit! Unsubmit!

Re:Slashdot layout broken AGAIN

[master5o1]

Some stories are red to show that they were posted by a communist.

Re:Slashdot layout broken AGAIN

[Anonymous Coward]

Because it is a RED ALERT. You are supposed to have your shields up and you need to report ready at general quarters. Hurry up - and shut off that damned noise!

Re:The bottom line

[JerRocks]

Half the world works for Google now?

And another number for to weight in your list:

Chances your internal IT guys know more about securing your data than Google engineers: 5%

Yes, my number was pulled out of my ass too.

Re:No

[Runaway1956]

Your walls [photobucket.com] mean nothing to us.

Re:No

[Swampash]

operate your own infrastructure, no matter what the current hype is

Exactly. You should be digging trenches, laying fibre, and setting up entirely separate networks so that no email you send ever passes through a machine or a network or a cable accessible by a third party.

Re:yes..

[jon3k]

Who's shouting? Look it's also illegal to rob banks but as long as you don't get caught, you're in the clear.

Re:Say hello to your lawyer

[Anonymous Coward]

Ah! So that's why they call you "Red Flayer"!

Re:yes..

[speedtux]

UK business are not allowed to process personal data in the USA without express customer consent because its data protection laws fall short of ours.

US and UK privacy protections differ, but to say that the US protections "fall short" of UK protections is false. They have different aims, and I prefer the aims of US privacy protection to those of the UK and Europe, thank you very much.

I think you see the kind of myth you're repeating perpetuated by the UK government; anti-American rhetoric makes a great cover for pushing through an increasingly totalitarian agenda.