This page is to be used in conjunction with REG 08.00.03 – Data Management Procedures and the following pages:
- Controls for Securing University Data – Best Practices
- Determining Sensitivity Levels for Shared Data
- Data Categories, Trustees, Stewards, and Custodians
- Data Management Procedures Summary and Guidance
- Frequently Asked Questions – Data Management Procedures
The following table indicates the appropriateness of various storage locations for data that is generated at or maintained by NC State and that has a particular data sensitivity level. See also “Why are distinctions made among Generic Cloud Service, Google Drive and Google Docs in assessing where sensitive data may be stored?”
| Storage Location |
Ultra-sensitive (Purple) |
Highly sensitive (Red) |
Moderately sensitive (Yellow) |
Normal, not sensitive (Green) |
Unclassified (White) |
|---|---|---|---|---|---|
| NC State server |
No, unless encrypted and Data Steward approves |
Data Custodian must approve |
Yes | Yes | Yes |
| Cloud service | No, unless encrypted and Data Steward approves |
Data Steward must approve |
Data Steward must approve |
Yes | Yes |
| NC State Google Drive |
No | Yes | Yes | Yes | Yes |
| Microsoft OneDrive | No | Yes | Yes | Yes | Yes |
| Google Drive and apps (e.g., Google Docs, Google Sheets, etc.) | No | No, unless encrypted |
Yes, unless Data Steward restricts |
Yes, if not the master copy |
Yes |
| Gmail and other email services | No, unless Data Steward approves |
Data Steward must approve |
Data Steward must approve |
Yes, if not the master copy |
Yes |
| Removable storage |
No | Encryption and Data Steward approval required |
Yes, unless Data Steward restricts |
Yes, if not the master copy |
Yes |
| Local PC | No | Encryption and Data Steward approval required |
Yes, unless Data Steward restricts |
Yes, if not the master copy |
Yes |
| No | Yes | Yes | Yes | Yes | |
| Mobile device | No | Data Steward must approve |
Yes, unless Data Steward restricts |
Yes, if not the master copy |
Yes |