Ohio University

Sensitive Data in OneDrive

Students

OneDrive for Business can be used to safely store most personal documents. As with any cloud service, you should be careful about storing documents that contain your sensitive information, like your Social Security number, credit card or bank account information, tax information, driver's license number, etc. Consider deleting such data from a document before copying into OneDrive for Business. If you must keep that data intact, encrypt the document before placing it on OneDrive for Business. Microsoft Office products and Adobe Acrobat both come with the ability to encrypt documents, or you can consider an open source tool like VeraCrypt.

Employees

No University Data in Personal Accounts

Never store any University data, sensitive or non-sensitive, in a personal OneDrive account that was not obtained through Ohio University.

Non-Sensitive Data: Individual OHIO OneDrive Accounts or OHIO-Issued Microsoft Groups

You are allowed to store non-sensitive University data in your University-provided, individual OneDrive for Business account. Such data also can be stored in the shared OneDrive space that comes with a University-issued Microsoft Group.

Sensitive Data: OHIO-Issued Microsoft Groups only

Sensitive data, including FERPA, HIPAA and PHI data, may be stored in the OneDrive space that comes with a University-issued Microsoft Group. Individual OneDrive for Business accounts are not approved for storing sensitive data. 

For additional details, visit the Information Security Office's sensitive data guidelines.

Best Practices for Handling Sensitive Data

Use online editing to make updates to documents

Data is only as secure as the system it resides on. Instead of downloading documents to edit them locally just to re-upload them once complete, utilize the online editing tools available with your Microsoft Group. This is especially important for devices that are easily stolen, such as mobile phones and laptops. The online editing allows you to open the document within your browser for quick changes, or through your locally installed client for Word, Excel, etc., without saving the document to your computer. Using the online editing function also allows for multiple people to collaborate simultaneously.

Actively manage sharing to prevent unauthorized disclosure

One of the best functions of Microsoft Groups is fast and secure sharing of files and folders for collaboration. It provides some granularity of how the share is handled, which will be important for the data owner to understand to limit the access to only what is necessary. When sharing a file or folder, you will be prompted with the option to select who you want to be able to view it, and whether they should have access to edit it. We recommend sharing files and folders with specific individuals to prevent unauthorized people from accessing it if the link is forwarded to others.

Be sure to regularly check what content is being shared at the folder level and remove people when their access to the sensitive data is no longer necessary. Take note that even if you deny someone access to edit a shared file, it does not prevent them from copying or downloading it.