Overview
The University takes its responsibility to protect sensitive institutional data very seriously and requires all those granted access to this information to preserve and protect it. Requirements for data confidentiality and privacy must be observed, and use of these data for anything but the conduct of University business is strictly forbidden.
Sensitive data must be stored only on secured computers—and not stored at all, unless it is absolutely essential to do so.
This page will help you determine whether or not you need to house sensitive data on a computer at all. If you have no choice but to store such information, please read Legally Protected Data at the University of Virginia, for information on how to manage the data in accordance with protections required by University policy and by law.
Assessment Questions
Do you have legally protected data on your servers? If so, you should ask yourself these questions:
- Do you need to have the data?
- Can the data be de-identified—i.e. deleting the names from the record sets?
- Can you give your data to ITC? ITC offers fee-based data storage for legally protected data. (Find out more >>)
If you do have legally protected data that you need to continue managing on your machines, please review our guidelines for safeguarding the data. For more information regarding all types of sensitive data, please refer to the Administrative Data Access Policy.