Version 1.0 - June 14, 2014 The BC Data Security Policy defines 3 categories of data -- Public, Internal Use Only, and Confidential.
The Data Security Committee, General Counsel, and the university’s FERPA officer have informally agreed that an additional, 4th category of data will be added to the Data Security Policy that is even more sensitive than “Confidential.” Data that falls in this additional category will not be allowed to be stored off-campus except with written permission (see below). Google Drive is off-campus, and thus data that falls in this category must not be stored on Google Drive. This additional category has not been named yet. Until a formal policy revision is made and approved, you should use the following as a guideline:
- New Category. Due to legal restrictions or security concerns, some legally protected and highly sensitive information must not be stored on Google Apps or other “cloud-based” systems without permission of the responsible Vice President or the Provost’s Office. This information, much of which was formerly classified as “Confidential,” includes:
- Social Security Numbers
- Financial or credit account numbers
- Personal financial information (e.g. financial aid data)
- Account log-in credentials
- Driver's license number or state-issued identification number
- Health and medical records, including HIPAA-protected information
- Export-controlled information
- Human-subject research information
- Other sensitive information that the information sponsor or responsible Vice President has determined must remain on a secure BC server.
- Public and Internal Use Only. Acceptable to store on BC Google Drive
- Confidential. FERPA data (i.e. student records) is generally defined as Confidential, and can be stored on BC Google Drive, except as noted above. Other Confidential data, except as noted above, can also be stored on BC Google Drive.