Not sure where your information should be stored?
IT governance page on cloud storage of ECU data is a good place to start. Next, visit the
sensitive data guidelines page and
information storage grid for many common data types and approved storage.
Approved Data Storage for OneDrive
|Safe for OneDrive
||Exclude from OneDrive
Policies, procedures, SOPs, PRRs
Personnel data considered a matter of public record under NC law: name, age, employment dates, current position, title, current salary and history, changes in position (includes promotion, demotion, transfer, suspension)
General leave-related documentation
Search committee documents (interview questions, applications, etc.)
Individual-specific benefit/deduction information
Individual-specific payroll data
Individual-specific biographical or demographic information
FMLA, VSL, disability information
Other Cloud Storage Solutions
Other external storage of university data using services like
Google Apps and
iCloud must be reviewed by ITCS and approved by the data owner.
However, these services may not meet these university standards:
- user privacy
- intellectual property protection
- records retention
With no contract or agreement between these outside service providers and ECU, information is now in someone else's hands. Contact the IT Help Desk to request a consult before contracting with an outside cloud storage service.
Consider These Vulnerabilities:
- Click-to-agree terms and conditions enter you into a contractual agreement with that service provider. Per ECU regulation,
Delegation of Authority to Sign Contracts
, only those individuals with delegated authority can enter into a contractual agreement on behalf of the university.
- Once you agree to the terms and conditions of the agreement, you may no longer "own" your information.
- There could be security risks that compromise the confidentially, integrity and availability of your information or make it publicly available while placing the university at risk.
- Sensitive or confidential information (patient, student, credit card, Personally Identifiable Confidential Information) must NEVER be stored external to ECU without appropriate university approval and information security assessment. See the sensitive information storage page for approved storage options.
- The university has no control over what occurs with outside service providers; therefore the university cannot protect the privacy and security of your information.
- ECU information could be exported and housed outside the U.S. under foreign jurisdiction.
- You may not be informed if a subpoena or search warrant is served on the service provider to obtain additional information about you.
- There may be no legal recourse against the service provider in the event of security breach, loss of information or other problems.
- Companies change hands, go out of business and change privacy policies which may not be in your best interest.