Not sure where your information should be stored?
The IT governance page on cloud storage of ECU data is a good place to start. Next, visit the sensitive data guidelines page and information storage grid for many common data types and approved storage.
Other Cloud Storage Solutions
Other external storage of university data using services like DropBox, Google Apps and iCloud must be reviewed by ITCS and approved by the data owner.
However, these services may not meet these university standards:
- user privacy
- intellectual property protection
- records retention
With no contract or agreement between these outside service providers and ECU, information is now in someone else’s hands. Contact the IT Help Desk to request a consult before contracting with an outside cloud storage service.
Consider These Vulnerabilities:
- Click-to-agree terms and conditions enter you into a contractual agreement with that service provider. Per ECU regulation, Delegation of Authority to Sign Contracts, only those individuals with delegated authority can enter into a contractual agreement on behalf of the university.
- Once you agree to the terms and conditions of the agreement, you may no longer “own” your information.
- There could be security risks that compromise the confidentially, integrity and availability of your information or make it publicly available while placing the university at risk.
- Sensitive or confidential information (patient, student, credit card, Personally Identifiable Confidential Information) must NEVER be stored external to ECU without appropriate university approval and information security assessment. See the sensitive information storage page for approved storage options.
- The university has no control over what occurs with outside service providers; therefore the university cannot protect the privacy and security of your information.
- ECU information could be exported and housed outside the U.S. under foreign jurisdiction.
- You may not be informed if a subpoena or search warrant is served on the service provider to obtain additional information about you.
- There may be no legal recourse against the service provider in the event of security breach, loss of information or other problems.
- Companies change hands, go out of business and change privacy policies which may not be in your best interest.