Using Cloud Services Safety

Cloud services are very popular now and are used for a variety of purposes such as storing documents and photos, online banking or running web applications.

Examples of Cloud services:

  • Microsoft OneDrive for storing files
  • Dropbox for storing files
  • Eventbrite for booking or creating events
  • Facebook for sharing social media posts
  • Doodle for creating online polls

For University data you should currently use Teams, your University Microsoft OneDrive or a University Group Workspace.

The University has specific contracts agreements with Microsoft to only store data within the European Economic Area (EEA) however this won't necessarily apply to if you sign up to the equivalent personal account.

You need to consider where data is being stored for example storing work data on a personal Dropbox or Google Drive would not meet the University's data protection objectives. Data could be stored outside the EU who may have their own data privacy laws.

Tips to consider when using Cloud Services

When storing your personal non-university data, consider:

  • Read though privacy policy for the cloud service as it will have information about where your data will be store and processed
  • Consideration of where your data will be stored e.g. Eventbrite processes data outside EEA;
  • Who owns the data when it is uploaded to the cloud;
  • How data is secured in the cloud;
  • Who had access to the data in the cloud;
  • How often the data is backed up;
  • What happens to your data if cloud company goes bankrupt or gets taken over?
  • The category of data you can store on public cloud services e.g. work or sensitive data
  • Is data sent and retrieved from the cloud securely i.e. encrypted so it cannot be eavesdropped?
  • Is there a Privacy Shield or model clause agreements for data sent outside the EEA;
  • Do third parties have to access to data e.g. an Microsoft Office AddOn that accesses your Office 365 account data such as your contacts;
  • If possible encrypt your data before it is transferred to cloud storage for additional security
  • Ensure you use an unique complex password to access your account;
  • Enable 2FA/MFA authentication to protection your cloud account if it’s available.
Policy