Store sensitive information securely

There are many options available to help you store sensitive information securely.

Guidance

If you would like guidance, contact the ICT Security team via the ICT Service Desk.

In particular, you must discuss your requirements before processing patient identifiable data on the Imperial College London network and address relevant College Data Protection Policies. Read more at: Information Systems Security

Options for storing sensitive information

College secure central space/group space

College allocates personal file space on the network to all members, called a Home directory or H: drive. Your H: drive is backed up daily, so if you accidentally delete a file or folder, you can check for previous saved versions and restore the lost file yourself.

Secure group and research storage space can also be provided.

Cloud storage

Know the risks with using consumer cloud storage providers (Dropbox, Google Drive etc.)

There are benefits to using cloud storage providers, including the ability to easily share and sync documents across multiple devices and potentially with external collaborators. However, many consumer web-based cloud storage providers (Dropbox, Google Drive etc.) do not encrypt (protect) data adequately. This means data could be accessed, shared or lost. There have been a number of high-profile cases of personal data infringements reported in the press due to storing data and photos on cloud platforms.

Data stored with cloud service providers is outside of your control, meaning that the company could change its terms and conditions or upgrade its hardware or software without your permission or knowledge. In the past, problems with upgrades have caused data to be exposed on the Internet. Your data may be stored outside the European Union, meaning that it is subject to local, not UK, law. This could enable third parties in other countries to access your data.

Access to cloud storage data could also be removed at any time and this is also outside of your control. This could result in your account and any related data being deleted. So, if you are storing sensitive or confidential College data on one of these platforms, you may be breaching College policy. This could result in legal action and fines against you and College.

Encrypt data stored in the cloud: nCrypted Cloud

Encrypting data makes the information unreadable; it can only be read by using a secret key to unlock it, a process called decryption. If you do use Dropbox or Google Drive, you run the risks above. However, to offer some level of protection we recommend that you use nCrypted Cloud, software which enables you to encrypt data to prevent third parties and unauthorised users from reading your data by scrambling the contents. Find out how to install nCrypted Cloud software: Encrypt data stored in the cloud.

College's OneDrive for Business cloud storage

We facilitate provision of OneDrive for Business. This cloud-based service is not like other consumer cloud service providers (Dropbox, Google Drive etc.), which you can't be sure are secure.

OneDrive for Business space is authenticated to meet College's high standards for data security and resilience, ensuring compliance with ISO27001, HIPAA, FISMA, the US-EU Safe Harbor framework and EU Data Protection Directive model clauses. Our contract with Microsoft ensures that data is only held in the EU. Your data can only be accessed or viewed by you as the owner of the file, or by those you choose to give permissions to for collaboration, and not by Microsoft or anyone else.

Read more about Microsoft 365 software and OneDrive for Business:

Removable media

Using removable media such as USB keys, hard drives, memory cards and DVDs carries a number of risks, so it should be carefully considered as an option before use.

Removable media can store vast amounts of information but, due to their design and portability, they are very easy to steal or lose. If the device contains sensitive data then it should be protected to prevent misuse.

If you find a device or are given data on removable media from an unknown source, do not connect it to your computer. It may contain malware that could infect your machine. 

Any removable media device that is used to store data should be password-protected and the information stored on it encrypted, to prevent misuse. And, if you must use a USB device, make sure it's not your only copy!

Read more about encrypting removable media at: Encrypt sensitive information