sinclair.edu / my.sinclair / Log In

Use of Externally Provided IT Resources

Commercial “cloud” providers offer convenient services and resources such as global access, data sharing, and ubiquitous file storage. However, commercial “cloud” use requires careful and deliberate consideration to ensure it is an appropriate solution for college data and sensitive/confidential information. Before choosing to store information on a non-Sinclair provided resource, users must carefully consider

  • the sensitivity and critical nature of the information and
  • any applicable privacy and security policies, laws, regulations or other restrictions.

Questions related to whether the use of cloud resources (Google Drive, Dropbox, Box, etc.) is an appropriate tool for your storage needs should be addressed by supervisors/managers. IT and Legal should be consulted as needed.

Privacy and security

  • Cloud providers may be appropriate to store non-critical, non-confidential, or non-sensitive information. However, faculty, staff, and students must assess the relevance of privacy regulations, Federal law (particularly FERPA), contractual obligations, and grant restrictions before moving College-related files and data to any non-Sinclair provided storage solution.
  • Consider the nature of the information:
    • College policy dictates that sensitive personal, non-public information (e.g., Social Security numbers, credit card numbers, or confidential educational records) stored on non-IT managed media must be encrypted. Cloud providers do not typically provide an encrypted storage solution.
    • Other sensitive personal information: The College must comply with numerous federal, state, and industry-specific regulations. Many regulations dictate how data can be accessed and where it can be stored. For example, it is not appropriate to store credit card data on cloud services such as dropbox.
    • If the College does not have a contract with the cloud provider, student records and other information regulated by FERPA is prohibited from being stored via cloud services.
  • Other considerations for use of cloud providers include, but are not limited to:
    • Service availability: The provider may or may not be able to deliver effective service consistently.
    • Data Security: The provider may or may not have effective management controls in place: oversight of third parties, adequate insurance, disaster recovery and business continuity plans.
    • Data ownership/Terms of use: Terms of use should specify data ownership, data disposition, how terms may be changed (and user options), and other information specifically related to how the information service is used.
    • Other: Should also address contingencies such as company failure/transfer, discontinuation of service, dispute resolution procedures, a state of incorporation, etc.