This is sort of a general security question I am throwing out to all you experts because I am about to go off on a vendor.
Last week, we had about 20 Printer/Scan/Fax machines (the big ones) replaced under a new contract with a new vendor. We with IT provided them IP addresses to use and the company did the rest of the config. Today we discovered that all of their scanning features are configured using Gmail, pushing the scans via an account we don't have access to because I don't know the password. I consider this a HUGE security risk.
My problem is that Google archives everything sent through its service. There's no telling what info is on those scanned documents, including personal info like social security numbers, private medical info, police evidence (we are a city government), and so on. Also, this vendor could access the Gmail account and look at all our scans.
Has anyone else run into this practice? If so, what are your thoughts on it? Am I overreacting, or are there a lot of potential problems that could arise by using Gmail instead of our internal Exchange server?