University of Chicago Sensitive Data Usage Guide

UChicago Sensitive Data Usage Guide

The UChicago Sensitive Data Usage Guide is intended to assist the University community in making informed decisions about where and how to store and share sensitive University data securely.  The guide is predicated on University policy, guidelines, and best practices.  For questions regarding this guide contact security@uchicago.edu or privacy@uchicago.edu.

All use of systems must follow:

 

Note: For guidance on where and how to store research data, see the Secure Research Data Strategy at https://srds.uchicago.edu/.

Updated January 9, 2025

 

End-user Accessible Devices/Services Payment Card (PCI) Personally Identifiable Information other than categories listed here RHI (Research Health Information) PHI (Protected Health Information) Student Education Records Student Financial Aid Applications Sensitive Research Information – SRDS level Low Sensitive Research Information – SRDS Level Moderate Sensitive Research Information – SRDS Level High Criminal Justice Information
End User Devices
ITS virtual desktop N Y N N Y Y Y Y Ask N
ITS supported device N Y N N Y Y Y Y Ask N
UCMIT supported device N Y Y Y Y Y Y Y Ask N
UChicago Police Mobile Data Terminal (MDT) N Y N N N N N N N Y
other unit-level supported device N Ask Ask N Y Y Y Y Ask N
Data Storage (permitted data must be stored in a folder to which only specified parties are permitted access)
Tank (UCAD shares) N Y N N Y Y Y Ask N N
BSDAD shares/CRI N Y Y Y Y Y Y Ask Ask N
UCMedicine shares N Y Y Y Y Y Y Y N N
ITS sharepoint N Y N N Y Y Y Ask N N
BSD sharepoint N Y Ask N Y Y Y Ask N N
Secure Data Enclave (SDE) N Y N N Y Y Y Y Ask N
Canvas N N N N Y N Y N N N
UChicago Voices websites N N N N N N Y N N N
UChicago Intranet N Ask N N N N Y N N N
Website with public access N N N N N N Y N N N
Unit-level file server N Ask Ask N Ask Ask Ask Ask N N
Flash drive & removable media N N Ask N Ask N Y Ask N N
Cloud Data Storage (University records should not be stored on personal Google or Box accounts)
UChicago Google Docs & Drive N Ask N N Y N Y Ask N N
UChicago Google Sites N Ask N N Y N Y Ask N N
UChicago Box & UChicago Box Assured Apps N Y Ask Y Y Y Y Y Y Y
UChicago O365 platform (OneDrive, SharePoint, Stream, Azure) N Y N N Ask Ask Y Ask N N
Other Cloud Storage N Ask N N Ask Ask Y Ask N N
Infrastructure as a Service (IaaS offerings)
UChicago Google Cloud Platform N N N N Y N Y Ask N N
UChicago AWS (Amazon Cloud platform) N Ask Ask N Y Ask Y Ask N Ask
UChicago Azure (Microsoft Cloud platform) N Ask Ask N Y Ask Y Ask N Ask
Transmission Services
UChicago-secure/eduroam wifi N Y Y Y Y Y Y Y N Y
UCM ucmc-staff wifi N Y Y Y Y Y Y Y N Y
UChicago (public) wifi N N N N N N Y Ask N N
Any public wifi N N N N N N Y Ask N N
Campus network – wired, non-public N Y Y Y Y Y Y Y N Y
cVPN (Cisco AnyConnect) N Y Y Y Y Y Y Y Ask Y
UCM VPN N Y Y Y Y Y Y Y Ask Y
Secure copy (SFTP, SSL, scp) N Y Y Y Y Y Y Y Ask Y
Digital Communications (best practice is to send a link to a secure file sharing location (see cloud data storage) or password protect the shared file)
UChicago O365 (email) N Y N N Y Y Y Y N Y, if CJIS data is encrypted
UChicago Google mail N Ask N Ask Y Y Y Ask N Y, if CJIS data is encrypted
UCM email N Y Y Y Y Y Y Y N Y, if CJIS data is encrypted
Unit-level email N Ask N N Ask Ask Ask Ask N N
O365 Teams chat (encrypted with History disabled) N Y N N Y Y Y Y N Y
Slack (not University supported) N N N N N N N N N N
PoliteMail email marketing N N N N N N Y N N N
bulkmail N N N N N N Y N N N
Mobile text and messaging N N N N N N Y N N N
UCM Texting N N Ask N N N Y N N N
UCM Page to Text N N Ask N N N Y N N N
Backup
Server – TSM (DD, IDPA (Dell Backup Services) N Y N N Y Y Y Y Y Y
Desktop – Crashplan/Code42 N Y N N Y Y Y Y Y N
Voice & Video
UChicago voicemail N Y Ask Y Y Y Y Ask N N
UChicago Zoom N Y Ask Y Y Y Y Y N Y
Voice & Video
UChicago voicemail N Y Ask Y Y Y Y Ask N N
UChicago Zoom N Y Ask Y Y Y Y Y N Y
UChicago Police Security Cameras N Y N N N N N N N Y
Other Services
Qualtics survey tools and services N Ask N N N N Y N N N
UChicago CRI REDCap N Y Ask Y Ask N Ask Ask Ask N
RStudio N N N N N N Y N N N
Github N N N N N N Y N N N
ServiceNow N Ask for Service Now forms N N N N N N N N