Storage, Transmission, and Back-up of Confidential Data
Confidential data must stored with great care in compliance with University and regulatory requirements.
- Confidential data in electronic format must be stored on a computer or server centrally managed by Computing and Information Services (CIS) or in an environment that is under strict legal contracts with the university that meet this policy. Data may not be stored on a non-CIS managed computer, portable storage device, or cloud storage.
- Computers, servers, and other data systems must run current operating systems and software under vendor support for regular security patches
- Any exception to this must be reviewed by CIS management to ensure compliance with confidential data storage regulations
- Confidential data in any hard copy format must be stored in locked cabinets or offices, and not be able to be accessed by unauthorized persons
- Only encrypted networks or communications tools may be used in the digital transmission of confidential data
- Confidential data may not be transmitted via email without use of an specialized email encryption tool
- CIS backs up all electronically stored confidential data stored in pre-approved University data systems
- It is the responsibility of the data steward of all other confidential data to back it up and store it in a secure and controlled location
- Backups of confidential data must be encrypted