While I think Web 2.0 ‘cloud’ applications are really helpful, I think it is critically important to note something:
It is NOT appropriate to store, transmit, or discuss any protected information whether it is encrypted or not in any third-party application that does not have a contractual agreement with the university. This restriction obviously applies to all data covered under FERPA, HIPAA, and the Gramm-Leach-Bliley Act. It also applies to any information that is proprietary university information. It also applies to information that is not necessarily covered under those laws, but is also considered protected information. (For more information about these categories, please consult the employee handbook and the policies on Privacy and on Information Technology, which are in the handbook’s appendices.)
All protected information should be stored, transmitted, or discussed using only university-supported information technology storage and applications. The only way it would be appropriate to use a third-party application would be if the university and vendor had a contractual arrangement that is fully compliant with FERPA and other relevant laws. As an individual, signing up for an individual account on one of these services, no such security is guaranteed.
While I do think that ‘web 2.0’ and ‘cloud’ applications are really helpful, they are only really appropriate for your personal work product. So, if you are working on a draft of a paper, then you can store it in the cloud. Or if you are working on a lesson plan, and it contains no information about students, then you can store that in the cloud.
I suggest you err on the side of caution: if you are unsure whether the information you have is protected information, assume that it is, and don’t put it in a third-party application. If you need more guidance, please consult with the relevant senior administrators to make sure that you are not breaking the law, or even bending it a little.