What is the 3-2-1 backup rule?
When working with Personally Identifiable Information (PII) or HIPAA data, there are extra considerations to keep in mind. You may also be working with a private company, industry contractor, or other type of confidential data.
Be sure to keep PII secure and HIPAA compliant.
HIPAA data has encryption requirements - it must be encrypted at all points of access, including when in transit during file transfers. There are secure transfer utilities that exist for this purpose.
Be sure that all machines in your lab or office are locked and require a NetID and password to access them. You can also password protect certain files or drives as needed. ITS can help with this.
Check the data ownership policies of any cloud service you subscribe to. Also, remember that there is no expectation of privacy for data stored in the cloud. Don't use a cloud service for data that falls under the UConn protected or confidential data categories.
It's recommended to use use more than one cloud service to make sure that your data is backed up regularly.
If you buy a cloud service, you are contracting as individual, not as the university.
This work is licensed under a Creative Commons Attribution NonCommercial 4.0 International License. | Details and Exceptions