The best way to protect University data is to remove unnecessary data from your computer. High Risk Data must be removed from your hard drive unless you have explicit permission to have it on your computer. Request a Security, Privacy, and Legal review. This includes things such as Social Security numbers, credit card numbers, or checking account numbers. If High Risk Data must reside on your computer, you should protect the University's data by encrypting the whole disk.
Secure File Storage is recommended for faculty and staff who must store Moderate and/or High Risk Data on their computer. Please check the Risk Classifications guidelines to determine if you might have Moderate or High Risk Data on your computer.
The University provides Secure File Storage as a low cost service to encourage staff and faculty to store Moderate or High Risk Data in a central location, off of the local computer.
While there is no single solution to protect the University's data, Secure File Storage protects all data moved to the file storage servers from unauthorized access in the event the computer is lost or stolen. This service provides the additional data protection during transfer of data from the desktop or laptop to the file servers.
Note: In the event of loss or theft of a computer with High Risk Data, Stanford policy (see Administrative Guide Memo 6.6.1: Information Security Incident Response) requires notification of the Information Security Office (ISO). ISO in turn will use the log to determine if a lost or stolen computer is a "reportable" event; possibly requiring notification of persons whose data may have been lost or stolen.
Group accounts are administered via Workgroup Manager by the department that subscribed to the Secure File Storage service. Each member in a group account must have a valid SUNet ID and must agree to the Secure File Storage Policy Agreement. Agreement to the Policy will be monitored and logged.
Adding a new member to an existing Secure File Storage group requires each new member to agree to the Secure File Storage Policy Agreement. A member who leaves a Secure File Storage group must be deleted from the work group as soon as possible to ensure the group’s access integrity; deletion is the responsibility of the subscribing department.