Many people use public cloud storage, such as Dropbox, Google Docs, and Google Drive, for storing personal files. While these cloud-based products and services are useful, there are related privacy and security concerns. For users of the College computing environment, it is necessary to consider appropriate usage.
CCIT recommends that you do not use public cloud storage for Columbia University business.
[Here, the phrase "public cloud storage" refers to services such as Dropbox, Google Docs, and Google Drive]
All of us at Columbia have a responsibility to protect the University's data. When you save documents in public cloud storage, we can no longer guarantee appropriate technical and administrative access controls for the data. Therefore, public cloud storage is not recommended for storing work documents, especially those that contain data as defined as follows:
...information within Columbia University's purview, including student record data, personnel data, financial data (budget and payroll), student life data, departmental administrative data, legal files, research data, proprietary data, and all other data that pertains to, or supports the administration of the University. [Data Classification policy]
Here are some general guidelines:
- Use caution when storing documents and data in public cloud storage. Store only non-sensitive, non-critical, or non-confidential documents that do not contain data as defined above.
- Do not use public cloud storage to store files containing sensitive information. This includes, but is not limited to, data protected by FERPA or HIPAA, Social Security Numbers, and credit card numbers. Please refer to the University Data Classification policy for more complete data classifications.
- Even when you work with non-sensitive information, public cloud storage services are not a good long-term storage solution for institutional documents. In many cases, public cloud storage requires that files be associated with an individual's personal account. Should that individual leave the University, the institution loses access to the data.
- The terms of service for public cloud storage services are between you, the account owner, and the service provider. The personal licensing for these products has not been approved by Columbia University for official University use.
- CCIT does not officially support public storage clients or apps, such as those available for Dropbox.
For all your University data storage -- whether on your hard drive or in the cloud -- you must follow these University policies:
- Data Classification Policy
- Encryption Policy
- Electronic Information Server Administration Policy
- Social Security Number (SSN) and Unique Person Number (UPN) Usage