EKU provided cloud services are appropriate for most communication and collaboration; however, the sensitivity and nature of the information must be carefully considered before you choose to store information on a cloud service like Office 365 or Google Drive. Other cloud storage such as Dropbox, is not an option for university data and should only be used for personal storage. If you are using a "consumer" service like Dropbox for university files, you should stop using it and move data to an EKU sanctioned storage area now.
• Personally Identifiable Information (PII) such as social security numbers, dates of birth, student records, employee records, and financial aid data
• Proprietary information such as University financial data and donor information
• Regulated information, the disclosure of which is subject to regulatory compliance including FERPA, GLBA, HIPAA, etc.
If you need to share this data internally you can contact IT for your options.
If you need to share externally, caution should be exercised when doing so. Make sure you understand the sharing mechanisms available before sharing files or folders with anyone--and setup reminders to periodically review any sharing permissions you have set up.
Whenever technically feasible, sensitive information should be stored on network file space in restricted directories--not on an office computer or a removable storage device. If a computer must be used to store sensitive information, it must be in a secure location, and each individual authorized to use the computer should have a unique username with a strong password. Sensitive information should not be stored on a laptop or mobile device unless absolutely necessary (and that device is both password protected and encrypted). Avoid storing any sensitive information in a cloud-based location unless specifically directed to do so. (This includes OneDrive and Google Drive)
EKU provides a variety of University-managed file sharing and collaboration options Members of the University community should consider the Service Guidelines below to determine appropriate file sharing strategies to serve departmental needs based on data sensitivity.
CAUTION: When sharing and storing files, ensure access is limited to only individuals for whom the information is intended.
Please be aware of all University policies and local, state, and federal laws that must be followed when sharing files electronically.
Please use the following guidelines to determine which service(s) best fits your institutional/business needs among employees and students and those outside the university.
• EKU file servers can be used for storing and sharing files of any sensitivity level
• Secure Data Storage Service is for storing and sharing restricted and/or sensitive data - contact the IT Service Desk if you need this level of security
• SharePoint is an option for storing or sharing administrative and other highly sensitive files but not those legally or contractually restricted
• EKU’s Office 365 OneDrive and Google Drive are available for sharing teaching and learning files and other files among employees and students
|Data Types and Examples||EKU File Servers||Secure Data Storage||SharePoint||Office 365 OneDrive or Google Drive|
|Public Data (e.g., calendars, course descriptions, maps, directory, approved census facts, audited finances)||Yes||Yes*||Yes||Yes|
|Internal: Non-Sensitive (e.g., meeting agendas, project documents, teambuilding events)||Yes||Yes*||Yes||Yes|
|Internal: Sensitive (e.g., salary plans, employment data, budgets, donor information, IRB data)||Yes||Yes*||Yes||No|
|Legally/Contractually Restricted (e.g., PHI, SSN, PII, student records, medical records)||No||Yes||No||No|
*While this area is secure for all data, we only recommend it for the last category of data in this table. This is because none of the other options are viable options.