Overview
The University takes its responsibility to protect sensitive institutional data very seriously and requires all those granted access to this information to preserve and protect it. Requirements for data confidentiality and privacy must be observed, and use of these data for anything but the conduct of University business is strictly forbidden.
Securing these devices is critically important; indeed, University policy requires it. If you have stored any sensitive or legally protected data, you must move the data to a secure server and/or encrypt it. In addition, you must have authorization for these actions. Click here for more information.
This page will help you determine whether or not you need to house sensitive data on a computer at all. If you have no choice but to store such information, please read Legally Protected Data at the University of Virginia, for information on how to manage the data in accordance with protections required by University policy and by law.
Assessment Questions
Do you have legally protected data on your servers? If so, you should ask yourself these questions:
- Do you need to have the data? If so, you must obtain authorization, identify, and encrypt it.
- Can you de-identify the data, that is, can you delete the names from the record sets?
- Can you give your data to ITC? ITC offers fee-based data storage for legally protected data. (Find out more >>)
If you do have legally protected data that you need to continue managing on your machines, please review our guidelines for safeguarding the data. For more information regarding all types of sensitive data, please refer to the Administrative Data Access Policy.