Google Drive and Microsoft OneDrive for Sharing Sensitive Information

Overview

UT has contracts in place with Microsoft OneDrive and Google Drive. University usage policies for these solutions are online (MicrosoftGoogle). OIT provides full support for OneDrive and Google Drive. 

The University does not have approved terms and conditions for other popular Cloud-based file storage solutions such as Dropbox or Box. These solutions should not be used for official University business.

Types of Information

There are four types of information that we are concerned about:

  • FERPA - The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records. More Information.
  • Payment Card Industry (PCI)Financial and credit card information follows guidelines for the Payment Card Industry (PCI).
  • PII - Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
  • HIPAA/PHI - The Health Insurance Portability and Accountability Act of 1996 protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI).

Federal restrictions govern how we handle these types of information.

  • The most restrictive guidelines are the HIPAA and PCI standards. HIPAA guidelines dictate that information classified as PHI or HIPAA information must be transmitted in an encrypted form AND stored in an encrypted format. Likewise, for PCI data - credit card information.
  • FERPA guidelines (education records) do not specify encryption, but the recommendation is to make every effort to protect the information.

OneDrive and Google Drive Comparison

 

OneDrive

Google Drive

Quota

5 TB Individual | 25 TB Teams

Unlimited

Team/Groups

Yes

Yes

Sync Client

Yes, including Groups and Teams

Yes, including Shared Drives

File Sharing

Yes

Yes

Certified – FERPA

Yes

Yes

Certified – PII

Yes

Yes

Certified – HIPAA/PHI

Yes

Yes

Certified - PCI Yes Yes

Recycle Bin/Trash

90 days

30 days

Email

If you prefer to share sensitive information through email, you have two options.  

  1. UT Vault, a secure file transfer service that allows you to send large files quickly and securely. (Encrypted at rest and in transit)
  2. Office 365 Email Encryption.   When sending an email from Office 365, type the word 'encrypt' in the subject line to encrypt your message. (Certified for HIPAA/PHI, PCI, PII and FERPA)

Details

Article ID: 115463
Created
Wed 9/2/20 3:47 PM
Modified
Wed 10/14/20 2:13 PM
Environment
Google Drive
Microsoft OneDrive