You are here

Data Storage

See the Data Storage Standard in the University's Information Security policy for specific requirements that you must follow.

Standard and Process

Data (including databases) must be stored to comply with regulations or contractual agreements related to data storage and to maintain the confidentiality, integrity and availability of the data.

Storing or transferring University private data to a vendor or non-University internet site/system requires an approved University contract.

Any incidental and unintended storage of files in browser or other cache files on personally owned computers and media; or email/email attachments must be deleted as soon as possible.

Staff and faculty traveling internationally must not transport export-restricted data or software outside of the U.S. The Office of the General Counsel and the Office of International Programs can provide guidance. University private data should be removed from laptops, devices or media before travelling. Store the minimum data necessary for the trip. All other files should be securely deleted (old email, old files, etc). A departmental travel or rental computer should be used. For current international travel requirements, see the official US travel site.

IT staff are responsible for working with users and data owners to develop data storage options for University data.

Users and data owners are responsible for working with IT staff to understand and follow the data storage requirements for the data they store. Data owners are responsible for publically available information.

More Information

Document Owner: University Information Security

Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect

Effective Date: August 2010

Last Reviewed Date: November 2014