Data Storage Security
By understanding the importance of classification, faculty and staff can make informed decisions about how to store, share, and protect the data they work with every day. The following sections outline the three main categories—Public, Restricted, and Confidential—with examples and storage guidelines to help you apply these standards consistently.
Data Types
Data Types are defined and managed through the Enterprise Data Stewardship Policy, specifically the Data Stewardship Standards for MSU-Bozeman.
Public
All data that is not otherwised classified and may be released to the general public in a controlled manner.
Restricted
All data for which release or modification without authorization could have an adverse affect on the operations, assets, or reputation of the University.All files are assumed to be ‘restricted’ unless otherwise classified as 'public' or 'confidential'.
Confidential
All data which, if released in an uncontrolled fashion, could have substantial fiscal or legal impacts on the University.
Use the following table to choose the right location for the data you need to store.
Effective 12/17/2021, BOX is no longer an acceptable storage location for MSU Owned
data.
|
Data Type
|
Microsoft Teams
|
OneDrive for Business / SharePoint
|
Opal
|
Knox
|
Docusign
|
Email
|
Blackmore
|
|---|---|---|---|---|---|---|---|
|
Budget information
|
Yes
|
Yes
|
Yes
|
No
|
Yes
|
Yes
|
Yes |
|
Contracts
|
Yes
|
Yes
|
Yes
|
No
|
Yes
|
Yes
|
Yes |
|
Course evaluations
|
Yes
|
Yes
|
Yes
|
No
|
Yes
|
Yes
|
Yes
|
|
Planning documents
|
Yes
|
Yes
|
Yes
|
No
|
Yes
|
Yes
|
Yes
|
|
Staff search committee notes
|
Yes*
|
Yes*
|
Yes
|
No
|
Yes
|
Yes
|
Yes
|
|
Student grades and records
|
Yes*
|
Yes*
|
No
|
Yes
|
No
|
Yes
|
|
|
Employee and student IDs/GIDs (even when combined with names) or initials
|
Yes*
|
Yes*
|
No
|
Yes
|
No
|
Yes
|
|
|
Bank account numbers
|
No
|
No
|
No
|
Yes
|
No
|
No
|
|
|
Drivers license numbers
|
No
|
No
|
No
|
Yes
|
No
|
No
|
|
|
Social Security numbers
|
No
|
No
|
No
|
Yes
|
No
|
No
|
|
|
Passport Visa numbers
|
No
|
No
|
No
|
Yes
|
No
|
No
|
|
|
Payroll ACH numbers
|
No
|
No
|
No
|
Yes
|
No
|
No
|
|
|
International Traffic in Arms Regulations (ITAR) and Export Administration Regulations
(EAR) governed data
|
No
|
No
|
No
|
No
|
No
|
No
|
No
|
|
Research data subject to export controls
|
No
|
No
|
No
|
No
|
No
|
No
|
No
|
|
Credit card numbers
|
No
|
No
|
No
|
No
|
No
|
No
|
No
|
* To include these, the OneDrive/SharePoint must not have an external share and the share must be adequately controlled to least privilege, internal use only.
Should you have any questions, please reach out to your Departmental IT team if applicable or the UIT Service Desk.