OIT Home > OIT Knowledge Base Search Knowledge Base: File Storage Options for Sensitive Information The campus recently signed agreements with Google and with Microsoft that provide cloud file storage for all faculty, staff, and students. While the quotas for these plans are generous, staff should use caution when storing sensitive information using these services. Usage polices for OneDrive for Business and Google Apps for Education are posted on the OIT website. There are federal restrictions on how certain information is transmitted and how it is stored. The most restrictive guidelines are the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI) standards. HIPAA guidelines dictate that information classified as Personal Health Information or HIPAA information must be transmitted in an encrypted form AND stored in an encrypted format. Likewise for PCI data - credit card information. FERPA guidelines (education records) do not specify encryption, but the recommendation is to make every effort to protect the information. The following chart is a summary of what is available to staff when considering storage options. If you are using anything other than one of these options for general file storage, please confirm the university has a valid contract. Certified Storage of Storage Quota Encrypted At Rest Encrypted In transit HIPAA/PHI FERPA PII T-Storage Varies N N N Y N GoogleDrive Unlimited Y Y N Y Y OneDrive Unlimited Y Y Y Y Y If staff routinely process or store ANY sensitive information on their workstations, laptops, or removable media such as jump-drives, the same controls apply – HIPAA, PCI, PII information must be encrypted at rest. Apple and PC workstations support full disk encryption. Full-disk encryption is recommended. For guidance in storing sensitive information, please call the OIT HelpDesk at (865) 974-9900. Need more help?