Data Protection

Data protection guidelines

University Policy 46 describes the duties of all members of the university community with respect to information management. For data stored electronically, we recommend consulting current campus-level recommendations on secure data exchange.

The two documents linked above provide details on information security expectations and campus level resources. Any confidential or personally identifiable information, including but not limited to student records, employment records, and medical records, must be protected from unauthorized access.

Physical and on campus data storage

Desktop and laptop computers provided to staff and faculty members through the Arts Computer Replacement Program are configured to use data encryption on the boot drive. Other computers purchased through and set up by ACO (including department computers) are encrypted by default. Access to data stored on the boot drive of these systems is restricted to anyone with login credentials for the system (typically the principal user to whom the computer is assigned).

Network storage provided by ACO (department shares, employee N: drives) is accessible only through authenticated services and requires encrypted access (VPN) for off-campus use. Physical access to these networked shares requires a high security physical key plus an access code to the room(s) in which the file server(s) reside. Access to these secure rooms is logged; attempted access to any of these rooms without a valid security generates an alert which results in the IT Director (Arts) and UW Police being informed.

Network storage provided by IST, such as paid additional storage for research use, may be encrypted on the device in addition to being protected by authentication and authorization controls.

Third party devices (e.g. external hard drives, USB keys) are not encrypted by default. Confidential or restricted information, including student records and personally identifiable information, should not be stored on unencrypted devices.

If you need to store sensitive information on external devices or computers not purchased through ACO (e.g. research or FPER purchases), please consult your department computing support contact for advice as soon as you become aware of the need.

Off campus data storage

There are services outside the university that provide data storage, such as Google Drive and Dropbox. The Arts Computing Office recommends that these third party services not be used for confidential or sensitive data. For detailed recommendations, see the university guidelines for secure data exchange.

A federated instance of Office 365 will be available to UW employees in early 2017. IST is working on guidelines for acceptable use of OneDrive and related services.