Security and Compliance

Examples include News and public announcements, course offerings, approved publications, directory information including names,  CWRU NetID, work phone number, office or lab locations, email addresses .

In addition to local workstations, Public data may be stored on departmental file servers, Digital Case, the main Case website, any central CWRU storage system, or in Google, Box, or Amazon or Microsoft web services.  

Examples include home phone numbers, student grades, and you might consider this for your prepublication data and reports of a less sensitive nature but still not ready to be made public.

Google Drive, Microsoft or Box cloud storage, Canvas, QuickBase, Departmental file storage, or any of the Research storage options are approved for Internal Use information. Do not place Internal Use information on any public web service, including a departmental web site. Almost anything protected with CWRU Single Sign On would be more appropriate.

Examples include internal information such as tenure reviews and personnel information, along with research data containing Personally Identifying Information of research subjects, proprietary information covered under a nondisclosure agreement, or "HIPAA covered" data.

Only a few of our storage options are approved for storing Restricted Data. These include the Secure Research Environment and the Box cloud service. Under certain very limited circumstances you may keep Restricted Data on local workstations or your Departmental systems, but these must be very carefully set up and secured against unauthorized access or theft. For any questions, please consult with Information Security. 

Under limited circumstances, limited data sets or other data that has been deidentified (having most or all of the 18 HIPAA identifiers removed or redacted) may be used with the High Performance Computing cluster. Fully-deidentified data is best, but your data use agreement may still require strict controls. 

Often the terms and conditions found in a Data Use Agreement or Data Security Plan approach or exceed the controls we apply to Restricted Data generally.

Contact us for assistance with creating Data Security Plans or implementing a Data Use Agreement, or if you think you might have Restricted Data and want to be sure it's properly protected.

We know that it is sometimes difficult to fully separate personal correspondence, email, and such, from University records, data, and documents. 

Along with your individual accounts with GMail and Microsoft 365, you have personal storage in your Google Drive or Microsoft OneDrive you may use. Storing personal documents in such locations is fine, but this is not appropriate for Institutional Data.

Research data, along with other institutional documents, should be stored in a location that is shared with others; your collaborators, your Department, other appropriate individuals or groups at the University. This way, should you leave the University, the data is not erased when your account is removed. 

Be mindful to use Microsoft SharePoint team storage, or Google Shared Folders, or assign co-owners in Box or any other service where you store institutional data, including any and all research data. This is not just good data stewardship, but your colleagues and collaborators will thank you!