Where can I store my data?

Find out where you can store University data, based on how confidential the data is.

What classification is your data?

The University classifies data into unclassified, confidential and highly confidential. It’s important you know which classification your data falls into as this will determine the safeguards you need to put in place to protect it.

Unclassified data includes anonymised data and data which is publically available, for example staff directories with work telephone numbers and email addresses.
Confidential data includes things like passport details, student names with their student ID numbers or exam marks
Highly confidential data includes things link bank account details, information about a person’s ethnic or racial origin, attendance and academic progression information about a University student.

These are just a few examples – for a more thorough guide see the Storage Classification document on the electronic housekeeping page.

(You can store unclassified data in any of these places)

Location	Confidential data	Highly confidential data
Storage of data in shared areas of University server (ie N drive)	✔	Only if encrypted
Storage of data in personal area of University server (ie M drive)	✔	✔
OneDrive – University of Leeds	✔	Only if encrypted
University-owned laptop or mobile device	Only if encrypted, and only temporarily – it must be deleted as soon as possible	Only if encrypted, and only temporarily – it must be deleted as soon as possible
Private laptop or mobile device	x	x
University-owned external memory devices (eg USB stick)	Only if there is no other option. It must be encrypted and deleted as soon as possible	Only if there is no other option. It must be encrypted and deleted as soon as possible

How can I access my data?

Location	Confidential data	Highly confidential data
Remote access to data	Yes, but only via the Virtual Windows Desktop or another University-approved mechanism. If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy. University-owned devices must be encrypted.	Yes, but only via the Virtual Windows Desktop or another University-approved mechanism. If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy. University-owned devices must be encrypted.
Sending data by email	Yes (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University.	Yes, but if it is outside the University it must be as an encrypted attachment (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University.

Location

Confidential data

Highly confidential data

Remote access to data

Yes, but only via the Virtual Windows Desktop or another University-approved mechanism. If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy. University-owned devices must be encrypted.

Yes, but only via the Virtual Windows Desktop or another University-approved mechanism.

If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy.

University-owned devices must be encrypted.

Sending data by email

Yes (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University.

Yes, but if it is outside the University it must be as an encrypted attachment (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University.