Skip to main content

Data Management

Resources in documenting, storing and preserving research data

Data Security at SJSU

The Information Security Office at SJSU works to secure any data produced/stored/obtained as a result of employment at the university or attending the university as a student. The Information Security Office classifies data into three different levels, depending on the risk associated with a potential breach. The level assigned to your research data will impact your storage options.

Level Risk Examples
1 High

Information that can personally identify someone, such as:

  • SSN
  • Birth date
  • Health insurance information
  • Biometric information (fingerprints, DNA, etc.)
2 Moderate

Information that is not publicly available, but is also not as high risk as Level 1:

  • Student information (grades, schedule, etc.)
  • Employee information (net salary, personal contact information, etc.)
  • Trade secrets and intellectual property
  • Information covered by a specific non-disclosure agreement
3 Low

Information that is publicly available, such as:

  • TowerID
  • Employee information (gross salary, work email and phone, etc.)
  • Daily temperature readings

For more information, see the Information Classification Cheat Sheet, or contact the Information Security Officer at 408-924-1705 or security@sjsu.edu.

Use a Combination of Storage Strategies for Working Storage & Backups

Option Cloud or Local    Cost               Security          Notes         

Google Drive

Cloud

Free for actively enrolled students, faculty and staff

Approved for Level 2 and Level 3 data.

Be careful -- if you leave the university, remember to back up your Google Drive. Otherwise, the information will be lost.

Try to use Google Team Drives, as these are maintained regardless of whether team members leave the university.

Campus IT Virtual Servers

Local

No additional cost to administrative units on campus.

Use for teaching/learning: $3,000.00 per server per year.

Approved for Level 1 data.

-

Campus IT Co-Location Services (Physical Servers, including College Server Rooms)

Local

Server Co-Location is an Information Technology Baseline service and is offered at no additional cost to administrative units on campus.

Teaching & Learning servers can be co-located in the data center for $100 per physical server per month (Up to 7).

College servers may be used at no additional cost to their faculty.

Approved for Level 1 data if the server is physically located in a certified data center (Computer Center, Research Foundation).

Otherwise approved for Level 2 and Level 3 data.

Physical servers are not approved to be installed in facilities not owned/operated by Campus IT.

Not all colleges have server space for research data; contact departmental IT for more information.

External Hard Drive, Portable Media (flash drive, CD, DVD)

Local Varies

Approved for Level 2 and Level 3 data.

Approved for Level 1 data with encryption.   

Best for short-term storage (1-5 years).

Be careful about physical security -- if you care about it, lock it up!

Desktops, Laptops, Tablets

Local Varies

Approved for Level 2 and Level 3 data.

Approved for Level 1 data with encryption.  

Recommended only for very short-term storage.  Most departments do not back up desktops, laptops and tablets. They are vulnerable to disaster and easily stolen.

Cloud Servers and Services (Dropbox, Box, Non-SJSU Google, AWS, RackSpace, Microsoft Azure, etc.)

Cloud Varies

Approved for Level 3 data.

Approved for Level 2 or Level 1 data only if service has been procured by the University (not via reimbursement), the contract is on file with Procurement Office, and the departmental IT Team is responsible for security of the server.

Consider your intellectual property rights as a researcher when engaging 3rd party cloud solutions, as there will be no written agreements between the university and solution provider.

Typically cloud providers, especially those providing free services, reserve the right to access and reproduce your data.