Understanding data policies and utilizing University-approved storage solutions, such as Box and UD Google Drive, ensure the security of your data. This approach not only minimizes the risk of data loss due to unforeseen circumstances but also helps you stay within your personal data quotas.
This article covers the following topics:
UD Data Policies
Restricted and High Risk Data
Laptop Encryption
Understand Data Protection Requirements
Report IT Security Incidents
What is the difference between Box and Google Drive?
Box
UD Google Drive
External Hard Drives or Flash Drives
Data Recovery
UD Data Policies
Over the past several years, Google has changed their position on unlimited storage. As a result, the University of Dayton has worked diligently to adapt to this new framework by introducing several data stewardship practices. This includes:
Restricted and High Risk Data
Restricted or high risk data refers to business sensitive, personally identifiable information (PII) or otherwise regulated data not intended for disclosure outside the organization.
The University of Dayton is required to comply with regulations such as:
The Information Security Policy details the types of data used by the University of Dayton and can be used to assist with identifying and securing sensitive information. To gain access to restricted or high risk data, submit a Data Request or Question for Data Steward ticket. Tickets are routed to the appropriate Data Steward(s) for a quick reply and/or approval. Requestors are also required to abide by UD's Confidentiality Agreement and submit a Confidentiality Agreement Form.
Laptop Encryption
The loss or theft of laptops and mobile devices presents a great risk to personally identifiable information (PII) and intellectual property potentially stored on these devices. The Board of Trustees and President's Council has directed that all University laptops incorporate a standard, full disk encryption solution with initial and annual costs borne by the unit purchasing the laptop.
Contact your unit's IT staff or the UDit Risk Management Office (itriskmgmt@udayton.edu, 937-229-4387) if you have questions or an immediate need for encryption on your device.
Understand Data Protection Requirements
Faculty and staff at UD use a wide variety of electronic information to facilitate University business. While much of this information is public, misuse of restricted or sensitive data could substantially damage UD’s reputation or put our institution at legal and financial risk.
-
Restricted or High Risk Data: Information to which access must be restricted due to contractual or legal/regulatory considerations.
Examples: Student academic record (FERPA), social security numbers, credit card data (PCI), personal health information (HIPAA)
-
Medium Risk Data: Information of value to UD or which, if lost, might adversely impact our environment.
Examples: Proprietary research, pay scales and donor data
-
Low Risk / Public Data: Information with no existing local, national or international legal restrictions on access. Public information may or must be open to the general public.
Examples: course catalog, directory information
See UD's Information Security Policy for more information about classifying the types of data you use.
Report IT Security Incidents
An IT Security Incident is any adverse event which compromises some aspect of computer or network security. All incidents should be taken seriously and reported according to UD's policy on IT Incident Handling.
Security incidents that must be reported include:
-
Compromise of user credentials (when there is reason to believe this has led to unauthorized access or loss of confidential data)
-
Lost or stolen laptop
-
Lost or stolen removable media containing sensitive UD information (CD, DVD, USB flash drive, external hard drive, smart cards)
-
Malware or virus-infected computer (when there is reason to believe this has led to unauthorized access or loss of confidential data)
Use the IT Security Incident Reporting form to report an incident.
What is the difference between Box and Google Drive?
Box is a cloud file storage application licensed to UD faculty, staff and students and has the additional security of enterprise management - the ability for UD to create, provision and remove access to folders based on a position at the University, not a specific person. So if an employee leaves UD, their data won't be automatically deleted.
Google Drive is also a cloud file storage application licensed to UD faculty, staff and students, but it does not have the additional security of enterprise management. Google Drives are tied to individual UD computing accounts and, if sharing settings aren’t configured correctly, content stored in Drive will be deleted when an employee separates from the University. Whenever possible, place your UD business data into a Shared Drive instead of a My Drive and keep all personal data in a personal Google account.
Box
Box is a cloud file storage application, similar to Google Drive, but with the additional security of enterprise management - the ability for UD to create, provision and remove access to folders based on your position at the University. UD faculty, staff and students are licensed to use Box for secure cloud file storage.
Files stored in Box can be placed in your workspace folder (a folder belonging to an individual user, e.g. rflyer1 workspace) and in shared folders (folders shared within a department or office). When a person leaves UD, all files within their workspace folder are deleted. Files saved to shared folders stay exactly where they are so remaining team members can continue to share information.
You can protect yourself from losing data by storing files on your UD Box account.
-
Go to go.udayton.edu/box.
-
Log in with your UD username and password.
-
Drag and drop folders and files from your computer onto your UD username workspace folder or a shared folder.
Additional Box resources:
UD Google Drive
Files stored in your UD Google Drive can be placed in My Drive (files belonging to an individual) and in a Shared Drive (files belonging to a team). When a person leaves UD, all files within their Google Workspace account (including My Drive) are deleted.
Files saved to a Shared Drive stay exactly where they are so remaining team members can continue to share information. Whenever possible, place your UD business data into a Shared Drive instead of a My Drive and keep all personal data in a personal Google account.
Additional UD Google Drive resources:
External Hard Drives or Flash Drives
All external storage devices should be encrypted. Contact the IT Service Center at (937) 229-3888 for encryption assistance.
Data Recovery
UDit may be able to recover data from crashed or broken drives and help you restore data from a backup or a recovery partition. Contact the IT Service Center at (937) 229-3888 for assistance.