Wellesley College Data Storage Guide

Wellesley College Data Storage Guide

 

Wellesley College is committed to protecting the privacy of all sensitive data that it maintains.  Since we are all responsible for storing data electronically, it is extremely important to understand the type of data that you are storing and to store them in the appropriate locations. While LTS has created some protected spaces to save data, ultimately the responsibility for understanding and appropriately protecting the data resides with the users. For example, storing a document that contains social security numbers in Vault is the right choice, but it is not enough.  It is your responsibility to also set protections on the files in Vault so that only those with a need to access the files can do so.  Further, members of the Community must be knowledgeable about applicable College policies regarding protection of sensitive data, and are responsible for storing Confidential and Restricted Data as defined below in compliance with those policies.  If you have questions regarding the storage or protection of sensitive data, please contact iso@wellesley.edu.

Data Storage Key

Confidential Data: PI (Personal Information) = Vault

Confidential Data: PHI (Protected Health Information) = Vault, Google Apps

Restricted Data = Google Apps, Sakai, NTM

Public Data = Google Apps, Sakai, NTM, Local Disk, Portable Media

 

For a description of data storage tools and how to access them, click here.

Note: Any non-public information used in the conduct of College affairs that is not explicitly designated as Confidential should be treated as Restricted (level 2). College data that has been made available to the public is classified as Public (level 3).
 

Level

Data Type

Examples

Storage Tools

1a

Confidential (PI)

 

  • Social security number

  • Credit/debit card number

  • Financial account number

  • Driver’s license number

  • Passport number

Vault

1b

Confidential*
(PHI)

 

  • Protected Health Information (PHI)

Google Apps (Drive, Groups, Sites, Gmail)

Vault (optional)

2

Restricted

 

  • All data pertaining to students, faculty, staff and alumnae, or other information pertaining to College business, that is not classified as Confidential, such as student grades, salaries, donor information, etc.

Google Apps (Drive, Groups, Sites, Gmail)

Sakai

NTM

Vault (optional)

3

Public (Unrestricted)

 

  • Directory information

  • Publicly available information

Google Apps (Drive, Groups, Sites, Gmail)

Sakai

NTM

Local hard drive

Portable media

 

*While PHI is still considered Confidential data, it is permitted on Google Apps because Google is certified HIPAA compliant.

For a full description of each of the data types, see the Data Classification Table.