Are you a Dropbox User?

Cloud computing can be very convenient to use, but remember UNC does not allow you to store sensitive data in Dropbox or other cloud based computing services.

Are you a Dropbox user? Dropbox and other cloud based computing services are extremely convenient. It is a great way to have access to your personal data. The important thing to remember is Dropbox is not for sensitive data and it does not meet HIPAA requirements. Do not store or share sensitive data in Dropbox or any other cloud computing service.

There is NO prohibition on the storage of non-sensitive or public data on third party hosting services. Additionally, there is no prohibition in policy for using the Cloud for non-sensitive information. But, this does put the responsibility on the users of services such as Dropbox to control what will be placed in the Cloud. All due care must be taken to ensure sensitive information is not stored in Dropbox, either accidentally or on purpose.

Sensitive Information includes all data, in its original and duplicate form, which contains information that has either a legal, ethical, or contractual requirement to be protected or access restricted. The most prevalent examples of sensitive data legislation include HIPAA, FERPA, and NC Identity Theft Protect Act, but there are others. Sensitive data also includes any information that is protected by University policy from unauthorized access. This information must be restricted to those with a legitimate business need for access. Examples of sensitive information may include, but are not limited to, some types of research data (such as research data that is personally identifiable or proprietary), public safety information, financial donor information, information concerning select agents, system access passwords, information security records, and information file encryption keys.

ITS Security has also developed a one page matrix summarizing sensitive data definitions and requirements. It can be found here: http://www.med.unc.edu/security/files/Sensitive-Data-Examples-10282011.doc.  Created by: Lori Mahaney

Filed under: ,