 |
 |
Hello, Over here at the MSU Libraries we often consult with faculty looking for research data storage options as part of our Research Data Management Guidance service. We instruct faculty that our agreement with googleapps does NOT allow us to claim FERPA or HIPAA compliance, as this is what I was told when I inquired about the agreement with IT Services in 2012. In addition, we specifically mention that confidential and sensitive information should not be stored in googleapps. This is also part of our presentation to New Faculty Orientation. You may also be surprised to learn that D2L is often used for data storage. Of course, we reccomend managed networked storage through ITS, department IT, or HPCC as the primary and authoritative copy of research data. Honestly, we most often recommend HPCC as they offer up to 1TB for free. We recommend two other backups, one local and one remote. I believe there will be a Research Data Management task force of some kind developed out of the IT Council which could take a closer look at policy. Curious to follow this conversation. -Aaron Aaron Collie Head, Digital Scholarship and Curation Michigan State University Libraries [log in to unmask] 517–884-0867 From: Gary Schrock Reply-To: Gary Schrock Date: Thursday, October 27, 2016 at 10:42 AM To: "[log in to unmask]<mailto:[log in to unmask]>" Subject: [MSUNAG] cloud storage policies Hey folks, I was just wondering if anyone knows whether the cloud storage policies have had any revisions lately that I just happened to have not heard about. I recently had a conversation with one of my users that also works in a lab in another department that kinda surprised me on the recommendations they were getting to use google drive as the storage space for their lab data. Specifically, from the documentation that I can find (and have seen for quite a while), the MSU policy is that anything that's considered confidential data should not be stored on cloud storage. Among the many examples of what's considered confidential data, the one that always stands out to me based on the nature of what we do in our department is "Unpublished research data". As a result, we've always been very careful to stress to our users that they shouldn't be using it, and specifically not for unpublished research data (which invariably is what they want to use it for anyways). Whether they pay attention to us after that is always of course another debate. However, this person says the recommendation they were getting from another department was that they should use google drive to store their research data. And supposedly they were told that MSU's agreement with google allows for stuff including FERPA and HIPAA protected data to be on google drive. (In this case, I don't think their data actually falls under either of those anyways.) From what I can find, there is reference to google apps being ok for FERPA stuff, but only specifically MSU's educational records. The googleapps.msu.edu<http://googleapps.msu.edu> page specifically then says to avoid any confidential data than educational records. I'm not trying to throw another department's IT staff under the bus, but do feel that some clarification would be useful. Among other things, I'm getting told this third party from a user, so I'm entirely willing to believe that there's something being lost in translation there. (I've also always kinda felt that it's better to err on the side of caution here. If something did happen and things got breached, faculty with tenure tend to be pretty hard to fire because of something like that. The IT staff that let them get away with doing this in the first place is far more easily replaced :). Call it a healthy dose of paranoia.) Gary