Confidential data should NOT be stored or shared using OneDrive.
Examples of confidential data include but are not limited to:
- Social Security Numbers
- Bank account or credit card numbers
- Data covered by the Federal Educational Rights and Privacy Act (FERPA)
- Data covered by the Health Insurance Portability and Accountability ACT (HIPAA)
- Trade secrets or information that may be purchased for the creation of a patent
- ITAR (International Traffic in Arms Regulations)
- Human subjects research data
- Login/password credentials
Sensitive Data (University restricted)
Sensitive data may be stored and shared in OneDrive, but must be stored and shared in a secure manner. (see "How to Use OneDrive Securely" below).
Sensitive data is information generally used internally at the university or with its authorized partners. This includes but is not limited to the following:
- Identities of donors or other third party partner information maintained by the University not specifically designated for public release.
- Proprietary financial, budgetary or personnel information not explicitly approved by authorized parties for public release.
Data that does not meet the criteria as confidential or sensitive as defined above shall be considered non-classified data. Please note that this classification does not imply that the data does not need to be properly managed. Such data may be subject to open records requests.
Unclassified data may be stored and shared in OneDrive, but must be stored and shared in a secure manner (see "How to Use OneDrive Securely" below).
Secure the workstation or device you are using to access OneDrive (personally owned devices):
- Install virus/malware detection software with the latest definitions
- Keep your operating system and software up-to-date
- Password-protect your workstation or device and use idle-time screen saver passwords where possible
- Don't sync files to a machine or device that is not issued and secured by the university
- Don't store personal files in OneDrive
Use only secure network connections:
- Use the University’s wired network or RooTown when on campus
- Implement the FTC's best practices for using public WiFi connections
- Implement the FTC's best practices for securing home wireless networks
Exercise caution when sharing files online:
- Use folders to share groups of files with others online
- Share files with specific individuals, never with "everyone" or the "public"
- Be careful sending links to shared folders because they can often be forwarded to others who you did not provide access to
- Remember that once a file is shared with someone and they download it to their device, they can share it with others
Review sharing privileges in OneDrive on at least a quarterly basis:
- Remove individuals when they no longer require access to files or folders
- See this How-To on reviewing sharing privileges for more information
Review file access logs in OneDrive on at least a weekly basis:
- Enable all audit settings
- Turn on reporting features
- Review your audit log reports
- See this How-To on OneDrive settings for more information
OneDrive for Business versus OneDrive
OneDrive for Business is not the same as the commercial OneDrive service that Microsoft offers to individuals for personal online file storage. OneDrive for Business provides online storage for your University of Akron work documents and enables file sharing with your colleagues and students. You should NOT store personal files in your University OneDrive for Business.
Acceptable Use Guidelines for OneDrive for Business
OneDrive for Business is a convenient cloud based storage system for your work related files. Although OneDrive for Business is the endorsed cloud file sharing solution for the University, there are security practices that still must be followed to ensure the service is being used properly.
Listed below are recommendations for storing and sharing files in OneDrive.
The University of Akron will never e-mail you and ask you to disclose or verify your UA password. If you receive a suspicious e-mail with a link to update your account information, do not click on the link--instead, report the e-mail to The University of Akron for investigation.