Data Sharing and Handling

How is this data classified?

If you’d like to learn more about how data is classified, see our definitions of classifications.

Definition

The Official Budget provides the Trustee Approved IU budget.

How to store your data

Do you really need to store it? Whenever possible, rather than creating another copy that will require special protections, access and view the information from its primary source.

Use a secure storage location. All electronic storage systems approved for critical data can also be used for restricted, university-internal, or public data. However, such systems can be expensive to maintain and may include protections that make them less convenient to use.

Ask your department which storage service is professionally secured for university-internal information.

See Mobile Device Security Standard IT-12.1 if you need to store this data on a mobile device such as a tablet or smart phone.

Ensure university-internal paper records are kept in access-controlled storage areas.

Retention: The potential for unauthorized disclosure increases with the length of time you retain information. Keep information, in any form, only as long as necessary. Federal and state law, and university practice, determine retention requirements. Consult with the office responsible for the information for current retention requirements, and monitor the University Records Management Schedules.

How to use your data in general

• Never use information for personal gain or profit, the gain or profit of others, to satisfy curiosity, or to engage in academic, personal, or research misconduct.
• Immediately report any misuse of information to the appropriate authorities.
• Always log off or lock your workstation when you step away, even for a moment.
• Individual users are held accountable for their specific use of the data.

How to dispose of your data

For non-critical data assets, always consider the sensitivity of the data in determining the appropriate disposal method: If this was your personal information, how would you like it to be treated? Do you shred any mail that has your home address on it? If so, treat the home addresses of others in the same respect.

For electronic records, review stored files for non-critical data assets and delete what is no longer needed routinely (i.e., monthly, quarterly or annually). Be sure to completely delete files. Most systems move deleted files to a “deleted” folder that will require emptying or another deletion step.

If you are disposing of a hard drive or any storage media, IU policy requires wiping or destroying all IU data from computing equipment prior to redistribution, sale, or disposal.

How to share or send your data

Transferring files from computer to computer (and person to person) is a common occurrence. Perhaps you need to send a class roster spreadsheet to an office assistant or a document containing a grant proposal to a colleague at another university. In each of these cases, it's important to know what options are available to get your file from point A to point B using a method appropriate for the data being transferred.

Transmission by hand

Use reliable transport or couriers. See the Media Disposal Guide for a list of approved couriers. Protect information from unauthorized disclosure or modification during transit (for example, use locked containers or tamper-evident packaging). Always require a signature from the recipient. Provide a full address for the recipient (not a P.O. Box), and follow up to ensure the information was received by the intended recipient. Keep your shipping documentation, including the tracking number.

Electronic transmission

Encrypt while in transit using SecureShare. Websites used for transmission must be secure and transmit information over a secure channel. Learn more about sharing data securely.

Policies

FIN-BUD-1 Official Budget.

Laws and Regulations

Some information may be produced upon the receipt of a public records request. Indiana Code 5-14-3: Access to Public Records.

Storage Notes

^{[1] Do not send or receive Restricted or Critical data via email unless it is required by your role within the university. Instead of email, use Secure Share or create a Secure Microsoft Team using the Institutional storage request form to share any Restricted or Critical data.}

^{[2] If you are sharing personally identifiable information (PII) classified as University-internal (i.e., names, University IDs, student addresses, etc.) via Exchange mail, best practice is to limit the data set to 100 or fewer individuals; to share larger data sets, use Secure Share or create a Secure Microsoft Team using the Institutional storage request form.}

^{[3] If you are unsure whether email is appropriate for a particular situation, consult with the appropriate Data Steward and the UIPO. Always force encryption for non-institutional messages that contain Restricted or Critical data. This is especially important since any recipient may forward messages you send or have IU email configured to automatically forward all messages to an outside email account. IU mail servers use the Office Message Encryption (OME) to encrypt messages sent to external recipients. For more, see About confidential information in email.}

^{[4] Files stored in Geode-Project space are replicated, by default, at each data center.}

^{[5] To request a Geode-Project allocation, IU researchers must follow the steps below to establish a memo of understanding (MOU) with UITS Research Technologies.}

^{[6] OnBase is not designed for files larger than 100 MB but is capable of handling them. If you have questions, contact the OnBase team.}

^{[7] Due to the mammoth volume of data stored on the Scholarly Data Archive, backups are neither practical nor economical. The SDA doesn't have an offline, traditional backup system, so any deletion you perform will cause an irreversible loss of data. Although files are not backed up, two tape copies are saved by default (one at IU Bloomington; another at IU Indianapolis) and are never purged by administrators. If you have questions or need help, email the UITS Research Storage team.}

^{[8] For storage capacity exceeding 50 TB, a short formal request or some cost recovery is needed. When in support of authorized research activities, extensions beyond 50 TB are routinely granted at no charge. For help, email the UITS Research Storage team.}

^{[9] Secure Share files are automatically deleted 30 days after you upload them. If you have a question or need help with Secure Share contact your campus Support Center.}

^{[10] The default quota allotment is 800 GB per user. Additionally, an inode quota (sometimes called "file quota") limits the number of objects a single user can create to 6.4 million.}

^{[11] Some services approved for storing data containing PHI are not approved for storing other institutional data classified as Critical. Consequently, some HIPAA-capable systems have "Restricted" listed as the most sensitive institutional data classification allowed, even though they're capable of storing PHI (which is classified as Critical). If you need help determining the most sensitive institutional data classification allowed on any UITS service, contact the University Information Policy Office (UIPO).}

^{[12] For the most current pricing information, go to Rates and costs of UITS services.}

^{[13] Must be via Creative Cloud under IU's contract with Adobe.}

^{[14] Some services approved for storing data containing PHI are not approved for storing other institutional data classified as Critical. Consequently, some HIPAA-capable systems have "Restricted" listed as the most sensitive institutional data classification allowed, even though they're capable of storing PHI (which is classified as Critical). If you need help determining the most sensitive institutional data classification allowed on any UITS service, contact the University Information Policy Office (UIPO)}

^{[15] Access to all visualization systems is physical (i.e., you must be in the room with the device to use it). Currently, no remote access or virtual desktop support is available. To request physical access to visualization devices, contact the AVL. An AVL staff member will meet with you to discuss your project and proposed usage scenario. Once your proposed use is approved, AVL staff will provide an orientation and training to get you started using the system. Most visualization systems have 24/7 access via keycards.}

^{[16] For the most current pricing information, go to Rates and costs of UITS services.}

^{[17] You can use storage on virtual machines as raw space or for file storage within an operating system. For service details, see Virtual Systems.}

^{[18] You can purchase data protection services on a gigabyte-per-year basis and additional storage capacity on a per-gigabyte basis.}

^{[19] For the most current pricing information, go to Rates and costs of UITS services, click to open the current-year "Rates for Direct-bill Services" document for your campus, and then browse that document to find information about "Intelligent Infrastructure Services". If you have a question or need help, contact UITS Storage and Virtualization.}

^{[20] Home directory and local scratch space on IU's research computing systems meet certain requirements in the HIPAA Security Rule that enable their use with research data containing PHI; however, simply storing research data containing PHI on a UITS Research Technologies computing system is not enough to fulfill your responsibilities for protecting the privacy and security of that PHI. Before storing PHI on one of these IU research computing resources, be sure you understand the information in the Important considerations regarding PHI section of this document. If you have questions or need help, email UITS HIPAA consulting}

^{[21] Home directories on IU's research computing systems are hosted on a centralized network-attached storage (NAS) device. Upon creating an account on any of IU's research computing systems, you are allotted 100 GB of home directory disk storage on the NAS device. If you create additional accounts on other research computing systems, the 100 GB allotment is shared among those accounts. No quotas are enforced on local scratch directories; the amount of local scratch space varies by system.}

^{[22] Maximum file sizes: Home directories (10 GB); local scratch directories (varies by system).}

^{[23] Purge policies for local scratch space varies by system; see Available access to allocated and short-term storage capacity on IU's research systems.}

^{[24] SharePoint Online is appropriate for use with institutional data classified as Public, University-internal, or Restricted. Use with data classified as Critical requires approval from the appropriate Data Steward.}

^{[25] For security reasons, the SharePoint Online Sync button is hidden by default. Do not enable SharePoint Online sync unless you are certain no data classified as Restricted or higher will be shared on your site, and you followed best practices in educating your users; for more, see Share and collaborate on Microsoft 365 files.}

^{[26] For the most current pricing information, go to Rates and costs of UITS services. If you have a question or need help contact UITS Storage and Virtualization.}

^{[27] All visualization systems have local storage areas, but they are not backed up and are purged regularly. Before each working session, you must import all data and program files from a long-term storage medium, and transfer them back to long-term storage when you're finished. All visualization systems have USB support and are connected to the IU network, so you can use long-term storage media, such as USB (flash or magnetic) drives, and network-enabled storage services, such as the Scholarly Data Archive. If you have questions, contact the AVL.}