Where can I store my data?


Find out where you can store University data, based on how confidential the data is. 

What classification is your data?

The University classifies data into unclassified, confidential and highly confidential. It’s important you know which classification your data falls into as this will determine the safeguards you need to put in place to protect it.

These are just a few examples – for a more thorough guide see the Storage Classification document on the electronic housekeeping page.

Where can I store my data?

(You can store unclassified data in any of these places)

Location

Confidential data

Highly confidential data

Storage of data in shared areas of University server (ie N drive)

Only if encrypted

Storage of data in personal area of University server (ie M drive)

OneDrive – University of Leeds

University-owned laptop or mobile device

Only if encrypted, and only temporarily – it must be deleted as soon as possible

Only if encrypted, and only temporarily – it must be deleted as soon as possible

Private laptop or mobile device

x

x

University-owned external memory devices (eg USB stick)

Only if there is no other option. It must be encrypted and deleted as soon as possible

Only if there is no other option. It must be encrypted and deleted as soon as possible

How can I access my data?

Location

Confidential data

Highly confidential data

Remote access to data

Yes, but only via the Virtual Windows Desktop or another University-approved mechanism. If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy. University-owned devices must be encrypted.

 

Yes, but only via the Virtual Windows Desktop or another University-approved mechanism.

If you are accessing data on OneDrive, you must not sync to a private device, or use an app which downloads a local copy.

University-owned devices must be encrypted.

Sending data by email

Yes (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University. 

 

Yes, but if it is outside the University it must be as an encrypted attachment (taking care to check the address of the recipient(s), and you have not provided any additional, unneeded data). It is good practice to use encrypted attachments even within the University.