Where should I store my files?
First, you should determine whether you still need the files:
Can the files be archived and saved as historical files?
Can the files be deleted because they are obsolete or no longer needed/relevant?
Please reference the RIT Records Management Policy to determine if the files can safely be deleted.
Then, we need to classify the information in your files to ensure proper handling of internal, private, and confidential information.
The following links expand on the definitions of data classifications as well as a list of applications and their approved levels of confidentiality.
Do my files contain private information – PII?
Private information is information that is confidential and could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:
Social Security Numbers (SSNs), Individual Taxpayer Identification Numbers (ITINs), or other national identification numbers
Driver’s license numbers
Financial account information (bank account numbers, checks, credit or debit card numbers), etc.
The NYS SHIELD Act expands the examples of PII as follows:
Social security number
Driver’s license number or non-driver identification card number
Account number, credit, or debit card number in combination with other identifiable data
Biometric information such as a fingerprint, voice print, retina or iris image, or other unique physical representation or digital representation
User name or email address in combination with a password or security question
Private information in electronic form should be stored in secure ISO-approved servers, or, if authorized to be stored elsewhere, only in encrypted (not just password-protected) form. It should not be stored on desktops, laptops, mobile devices, or portable media without encryption or similar protection. Contact the Information Security Office for advice and assistance.
Private information shall not be posted in blogs, wikis, or other digital locations/repositories or social networks that do not use ISO-approved RIT authentication and authorization.
Private information shall not be stored on computer systems that share virtualized resources through the Internet (cloud computing) or a grid (distributed computing).
Transfer or sharing of Private information should be by ISO-approved methods such as:
Secure file transfer, such as Tiger File Exchanger
Encrypted e-mail or other electronic transmission
file-based encryption
Do my files contain confidential information?
Confidential information is information that is restricted to a need-to-know basis and, due to legal, contractual, ethical, or other constraints, may not be accessed or communicated without specific authorization. Examples include:
Educational records governed by FERPA that are not defined as directory information (see RIT Educational Records Policy D15.0)
Employee and student health information as defined by the Health Insurance Portability and Accountability Act (HIPAA)
Faculty research or writing before publication or during the intellectual property period (see RIT Intellectual Property Policy 3.0)
University Identification Numbers (UIDs)
Employee Personnel Information
Management Information Designated as Confidential
Faculty Research
Third-party information that the RIT has agreed to hold confidential under contract
What if I’m not sure / What if I have a security question?
Contact the Information Security Office (ISO) at infosec@rit.edu
How do I store my files?
• How to use Google Storage
Within the article, the “I still need help” button will link you to open an RSC ticket if needed
• How do I request a SharePoint site?
SharePoint Site Creation or Deletion Request - Employee Center
Within the article, the “I still need help” button will link you to open an RSC ticket if needed
• How do I create a file share?