MENU

Sensitive Data Storage and Transmission

Check here for the appropriate storage and transmission of Payment Card Industry (PCI) and other sensitive data types.

Data Type
PCI Other Sensitive Data

Banner ID, personnel data, job search committees, research with identifiable data points (not HIPAA or SSN)

Requirements 1. All PCI activities must be preapproved by Financial Services' PCI Compliance Officer @ 252.737.4729, who will begin the process with ITCS providing technical resource support.

2. Do not advise clients without conferring with the PCI Compliance Officer and PCI ITCS Technical Resource @ 252.328.9185.

3. Only last four digits of a truncated credit card can be stored; all other electronic storage is forbidden at any time for any reason.

4. All credit card data and processing must be outsourced to PCI-compliant vendors. All other electronic storage forbidden at any time for any reason.

Authorized access only
Note No storage of credit cards allowed on campus
 
Risk Violations could result in University's not being allowed to process credit cards, as well as fines and lawsuits.
Breach notification
Where to Start for
Assessment Process?
Central Project Office
Central Project Office
Where to Start for Data Owner/Compliance Information?
PCI HRIS
Who is Data Owner/
Current Approver?
PCI Committee/Robin Mayo (Financial Services)
Human Subject Research Data: IRB/Wiley Nifong, MD/Michelle Eble, PhD, CIP/Norma Epley, MD

Personnel: Human Resources/Dan Blumberg, Director, HRIS

Blackboard No No
Cloud Hosted*

*see below for MS OneDrive

Touchnet is the only University-approved solution. Any other solution must be approved by Financial Services and ITCS.

User consults with the eCommerce Manager who provides the appropriate request forms, eCommerce@ecu.edu

Data owner approval required.
CommonSpot No No
CrashPlan No Yes
DatAnywhere No
Yes; No storage on mobile device
iTunes (SODM course content)
No No
Lync (Skype for Business)
No Yes
Mediasite No Follow video guidelines. Media consent forms required. Data owner approval required.
MyWeb.ecu.edu (faculty)
No No
MyWeb.ecu.edu (students)
No No
Office 365
Web Apps
No No
OneDrive
Pilot Group*

*OneDrive currently being tested

No No
Piratedrive No Yes
Qualtrics No Data owner approval required
REDCap No
No
SabaMeeting No No
Second Life No No
Sedona No No
SharePoint No Data owner approval required
TeamDynamix No No
Tech Excel
No No
Tegrity No No
Turning Technologies - Blackboard Building Block
No No
University Encrypted Storage Device (hard drive, data file, USB)
No Data owner approval required
Winmedia Server
No No
WordPress No No
WordPress for Courses
No No
Yammer No No
Other