Security Quick Wins
Storing Confidential Data
The Regulated Data Chart can be used to help you determine where to store your files in accordance with important data security rules and regulations.
Important: Due to constantly changing regulatory and grant changes, please consult with your Data Security Officer (DSO) to determine the safest place to store your confidential data.
Google Drive Security Guidelines
The BC Data Security Policy defines 3 categories of data: Public, Internal Use Only, and Confidential.
The Data Security Committee, General Counsel, and the university’s FERPA officer have informally agreed that an additional, 4th category of data will be added to the Data Security Policy that is even more sensitive than “Confidential.” Data that falls in this additional category will not be allowed to be stored off-campus except with written permission (see below). Google Drive is off-campus, and thus data that falls in this category must not be stored on Google Drive.
Until a formal policy revision is made and approved, you should use the following as a guideline:
Restricted. Due to legal restrictions or security concerns, some legally protected and highly sensitive information must not be stored on Google Workspace or other “cloud-based” systems without permission of the responsible Vice President or the Provost’s Office. This information, much of which was formerly classified as “Confidential,” includes:
Social Security Numbers
Financial or credit account numbers
Personal financial information (e.g. financial aid data)
Account log-in credentials
Driver's license number or state-issued identification number
Health and medical records, including HIPAA-protected information
Human-subject research information
Other sensitive information that the information sponsor or responsible Vice President has determined must remain on a secure BC server.
Confidential. FERPA data (i.e. student records) is generally defined as Confidential, and can be stored on BC Google Drive, except as noted above. Other Confidential data, except as noted above, can also be stored on BC Google Drive.
Internal Use Only: Acceptable to store on BC Google Drive.
Public: Acceptable to store on BC Google Drive
For more information, contact firstname.lastname@example.org.
Boston College uses Identity Finder as a tool to aid in the process of finding and handling confidential data on faculty and staff computers. ID Finder scans computers for credit card numbers and social security numbers only. This type of information is called Personally Identifiable Information (PII).
Version 8.1 of ID Finder software will automatically be installed on your computer.
ID Finder automatically scans computers four times a month. If you have PII on your computer, you will receive an email asking you to remove the PII from your computer or move it to a secure location. Data Security Officers (DSOs) can monitor the results of the scans for employees in their areas using an online console.
ID Finder may not find all Personally Identifiable Information (PII) on your computer and it also may think some information on your computer is PII, when it is not. This is to be expected.