The University of Leeds staff terms and conditions for use of OneDrive can be found here:

http://it.leeds.ac.uk/download/136/staff_terms_and_conditions_for_using_onedrive-university_of_leeds

 

The main clause of interest is:

18. In accordance with the University’s Information Security Policy, Highly Confidential information must not be copied to or stored within the Service unless encrypted and then only for the shortest period necessary for business operations.

(we do permit the storage of ‘confidential’ data in OneDrive).

 

Definitions of data types along with some examples can be found in the Information Protection Policy:

http://it.leeds.ac.uk/download/53/information_protection_policy

 

Tim

---------------------------------------

Faculty IT Manager, IT

University of Leeds

Leeds

 

http://www.essl.leeds.ac.uk/people/staff/banks

From: Research Data Management discussion list [mailto:[log in to unmask]] On Behalf Of Jill Evans
Sent: 30 July 2015 16:16
To: [log in to unmask]
Subject: Advice on cloud services

 

Dear All

 

I’d really appreciate some advice/opinions on cloud services.  In particular, has anybody changed, or is thinking of changing, the advice they give researchers on use of cloud services for storing data?

 

IT here has recently implemented OneDrive for Business which gives researchers a massive amount of storage space with data guaranteed to be held on EU servers.  Cloud is fine, indeed wonderful, for many types of data, for sharing and working collaboratively, etc., but I’m still pretty much of the opinion that it shouldn’t be used for any extremely sensitive data where there is an implicit risk to confidentiality or reputation, and so on.

 

I have noticed some more relaxed attitudes to cloud-based services recently in the UK and elsewhere but I am still telling people not to use cloud for sensitive data and if they do store data in the cloud, back up to a different location.  This is somewhat in conflict with what IT would like. 

 

I would happily change this advice but I would like some reassurance that new practices are: 1) endorsed by the RDM community 2) comply with funder requirements (almost certainly they would not) 3) underpinned by legislation (I understand a new European DPA is under discussion which may provide specific guidance on cloud).

 

At the risk of sounding naïve or uniformed, if considering using cloud for sensitive data, does encryption and restricting access make it OK now?  I can’t imagine telling some of our Health researchers to put all their data in the cloud…maybe I’m just hopelessly behind the times but alarm bells are ringing.

 

Thanks and best wishes

 

Jill

 

Jill Evans

Research Data Manager

University of Central Lancashire

Research Office

Greenbank Building

Preston

PR1 2HE

 

01772 894033

 

[log in to unmask]

[log in to unmask]

Follow @UCLanRDM on Twitter for the latest news and events

Research at UCLan: http://www.uclan.ac.uk/research/