I think that at least the latter half of this post is missing one huge piece of information. How can you be sure that it is Google that is defining public/private data. A lot of organizations are required to follow federal standards which in themselves define what is public and private. Social Security Numbers and Credit Card Numbers are always at the top of every one of those lists. For reference look at PCI DSS (http://en.wikipedia.org/wiki/PCI_DSS), FERPA (http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html), and HIPPA (http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act). Now while FERPA and HIPPA might not have anything talking about SS#s and CC#s take this excerpt from FERPA: "Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance." If a school can publicly disclose addresses without consent which they collect mandatorily, why can't Google, who is just indexing information that was already public not link to it? The problem with the private data online isn't Google, they are just the biggest target that happens to have been hit by this guy's particular wild shooting.

I'm kind of surprised that this hasn't been mentioned yet. I stumbled upon it on accident while looking for the same thing. A product named DimDim. It's open source and basically webex. It's free for conference rooms that have under 20 people. You can also host a server yourself. Using this I have helped many friends and family members overcome different problems. Setting up my own server was pain (dependency nightmare) but I like to know what information goes where (yeah I'm a bit paranoid).

There is one thing that people seem to be missing in all of this. Does the Administrator actually care about the data that you are worried they are going to steal. I personally strongly value my job and the trust that people put in me. Even if that wasn't the case I personally manage and maintain systems that store terabytes of sensitive data, hundreds of thousands of personal, potentially confidential, and sensitive emails, and I wouldn't waste my time looking through that. There just isn't any reason. Unless you have a shady administrator with a lot of free time, no other clients (this should be a warning sign by itself), and a very small amount of data. This shouldn't be a concern.

... if they can't get through the tubes!