Google Drive and Microsoft OneDrive for Sharing Sensitive Information


UT has contracts in place with Microsoft OneDrive and Google Drive. University usage policies for these solutions are online (MicrosoftGoogle). OIT provides full support for OneDrive and Google Drive. 

The University does not have approved terms and conditions for other popular Cloud-based file storage solutions such as Dropbox or Box. These solutions should not be used for official University business.

Types of Information

There are four types of information that we are concerned about:

  • FERPA - The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records. More Information.
  • Payment Card Industry (PCI)Financial and credit card information follows guidelines for the Payment Card Industry (PCI).
  • PII - Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.
  • HIPAA/PHI - The Health Insurance Portability and Accountability Act of 1996 protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI).

Federal restrictions govern how we handle these types of information.

  • The most restrictive guidelines are the HIPAA and PCI standards. HIPAA guidelines dictate that information classified as PHI or HIPAA information must be transmitted in an encrypted form AND stored in an encrypted format. Likewise, for PCI data - credit card information.
  • FERPA guidelines (education records) do not specify encryption, but the recommendation is to make every effort to protect the information.

OneDrive and Google Drive Comparison



Google Drive


5 TB Individual | 25 TB Teams





Sync Client

Yes, including Groups and Teams

Yes, including Shared Drives

File Sharing



Certified – FERPA



Certified – PII



Certified – HIPAA/PHI



Certified - PCI Yes Yes

Recycle Bin/Trash

90 days

30 days


If you prefer to share sensitive information through email, you have two options.  

  1. UT Vault, a secure file transfer service that allows you to send large files quickly and securely. (Encrypted at rest and in transit)
  2. Office 365 Email Encryption.   When sending an email from Office 365, type the word 'encrypt' in the subject line to encrypt your message. (Certified for HIPAA/PHI, PCI, PII and FERPA)


Article ID: 115463
Wed 9/2/20 3:47 PM
Wed 10/14/20 2:13 PM
Google Drive
Microsoft OneDrive