Breadcrumbs

UT4U Header Image

Page title

Cloud Storage

Main page content

Cloud storage refers to any program owned by a third party that allows you to upload your data using the Internet. An advantage of cloud storage is that you can easily access and synchronize your data from multiple devices anywhere in the world, and you can share your information with anyone you want. This type of online storage can make you more productive, but it also comes with security risks. 

In accordance with UTS165 Information Resources Use and Security Policy and the Information Resources Acceptable Use Policy, UT System Administration employees must use an approved cloud storage provider when storing University Data. System Administration has approved OneDrive for our storage and collaboration needs.

For more information on cloud storage services, access the UT System Administration Cloud Storage SharePoint page:  https://community.utsystem.edu/sites/infosec/SitePages/cloudstorage.aspx (login required).

​Data Type

​UT System
OneDrive Data Storage

​Personal Data

Y​

​Published Data

​Y

​Controlled Data

​Y

​Confidential Data

   ​-PII/SSN

​Y

​   -FERPA/GLBA

​Y

​   -PHI/HIPAA

​Y**

​   -PCI

​N

​   -Research Data/IRB

​Ask

​UT System contract

​Y

​Support

​Y

​File upload limit

​10GB

​Storage quota

​Unlimited

​Authentication

​SNAC

For more information on OneDrive or if OneDrive does not meet your business needs, you should contact infosecurity@utsystem.edu to discuss alternative solutions and to request an exception to UT System policy, if necessary.  For more information on types of University data, please refer to the table below.

Data Classification

Description

Examples

Comments

Confidential Data

Data is classified as confidential if it must be protected from unauthorized disclosure or public release based on state or federal law or regulation, and by applicable legal agreement to the extent permitted by law.

  • Patient billing Information and protected health information subject to HIPAA or applicable state law.
  • Student education records subject to FERPA.
  • A credit card number associated with an individual’s name.
  • A social security number
  • Medical Research Data that contains protected health information
  • Certain student loan information subject to the Gramm Leach Bliley Act

Data cannot simply be declared to be confidential. This classification is reserved for information that is protected from public release based on state or federal law, or a legally binding order or agreement. Likewise, data cannot be declared to be confidential under all circumstances. Context is an essential element.

(In relation to the Federal Standards for Security Categorization of Federal Information and Information Systems , FIPS 199, this category equates to HIGH IMPACT for a Confidentiality, Integrity, and Availability breach)

Controlled Data

The Controlled classification applies to data that is not generally created for or made available for public consumption, but may be subject to release to the public through request via the Texas Public Information Act or similar State or Federal law.

  • Operational records, operational statistics, employee salaries, budgets, expenditures. Internal communications that do not contain confidential Information.
  • Research data that has not yet been published, but which does not contain confidential Information protected by law.

This classification likely encompasses the greatest volume of Data within the University.

(In terms of FIPS 199, this category equates to MODERATE IMPACT for a Confidentiality, Integrity, and Availability breach)

Published Data

Published data includes all data made available to the public through posting to public websites, distribution through email, social media, print publications, or other media.

  • Statistical reports
  • Fast Facts
  • Published research
  • Unrestricted directory information
  • Educational content available to the public at no cost

Information can migrate from one classification to another based on Information life-cycle. Unpublished Research may fit the criteria of “Controlled Information” until published upon which it would become Published Information.

(In terms of FIPS 199, this category equates to LOW IMPACT for a Confidentiality, Integrity, and Availability breach.)