Essential Security: Storing Sensitive University Data

The University provides remote storage options for UConn faculty, staff, and students, and for most data, we encourage our community to the use the option of their choice. For sensitive and confidential data, however, faculty and staff should use approved cloud or network drive storage. This ensures that all UConn employees and users of data adhere to the policies established to protect sensitive university data to which they have authorized access. These policies apply to university-owned and managed computers as well as to personally-owned devices used to access sensitive university data. (Please note: Confidential data may not be stored on personally-owned IT resources.)

 

Below is a table that lists the cloud/network storage options and what type of data may be stored on them.

 

Table 1. Data storage options for sensitive and confidential data

Data Types EFS OneDrive Google Drive
Data Location UConn Data Center Cloud Cloud
Backup Type Nightly Backup File Versioning via Sync Client File Versioning via Sync Client
Personally Identifiable Information

● Social Security Number

● Driver’s License Number

● State identification card number

● Financial account numbers such as credit, debit, or bank account numbers

● Passport Number

● Alien Registration Number

● Health Insurance Identification Number

● Home address or phone number of individuals in protected classes

Yes Yes No
Credit Card Information

● Primary Account Number

● Cardholder Name

● Service Code

● Expiration Date

No No No
Student University Data

● Grades/Transcripts/Test Scores

● Courses Taken/Schedule

● Advising Records

● Educational Services Received

● Disciplinary Actions

● Student Personnel Records

● Financial account and payment information including billing statements, bank account and credit card information

● Admissions and recruiting information including test scores, high school grade point average, high school class rank, etc.

Yes Yes No
Personal Health Information

● Information that identifies the individual, or could reasonably be used to identify the individual; including, but not limited to
name, addresses, telephone/fax number, medical record number, telephone number, birthday, admission/discharge date,
vehicle ID and serial number, device IDs and serial number, certificate/license numbers, biometric identifiers, full-face images,
or other unique identifying number/characteristic/code.

● Information about the patient’s past, present or future physical or mental health or condition

● Information relating to the provision of, or payment for, health care

Yes Yes No
Financial Data

● Employee financial account information

● Individual financial information

● Business partner and vendor financial account information

Yes Yes No
Attorney/Client Privileged Information Yes Yes No
Export Controlled Research* No No No
Controlled Unclassified Information** No No No
Sensitive Identifiable Human Subject Research Yes Yes No

*For more information, contact Jason Pufahl, CISO at Jason.pufahl@uconn.edu

**More information available on the Secured Research Infrastructure page.

 

Relevant policies

Access Control Policy

Confidential Data

Data Classification Levels

Data Roles and Responsibilities

 

 

Guidelines

Extended List of Confidential Data