Sensitive Data Storage and Transmission

ECU users are responsible for the protection of any sensitive data in their custody. This includes electronic, print, voice or any other form in which the data is captured.

Definitions for the data classification levels detailed below can be found here.

The storage and transmission mediums listed below represent those that are currently supported by ITCS and East Carolina University. If you wish to utilize something that does not appear on the list, you should contact ITCS before doing so.

If you are looking for Generative AI approved software, please click this link to the second table below.

Data TypeHIPAAITPAPCIFERPAHR/ PersonnelGDPR
Regulation LinkHIPAAITPAPCIFERPAHR/ PersonnelGDPR
Data Classification Level444333
Personally Owned StorageNoNoNoNoNoNo
CanvasNoNoNoYesNoYes
Cloud HostedData Owner and CIS Committee Approval Required.NoTouchnet is the only University-approved solution. Any other solution must be approved by Financial Services and ITCS.Data owner approval required.Yes; Data owner approval required.Data owner approval required.
Crash PlanYesNoNoData owner approval requiredData owner approval required.Data owner approval required.
DocuSignYes except for mobile application.YesNoYesYesYes
Faculty 180NoNoNoNoYesNo
FormstackNoData owner approval required.NoData owner approval required.Data owner approval required.Data owner approval required.
iTunes (SODM Course Content)NoNoNoNoNoNo
MyWeb.ecu.edu (faculty)NoNoNoNoNoNo
MyWeb.ecu.edu (Students)NoNoNoYes; Users should cautiously control access to any uploaded content. Media consent forms required.NoYes; Users should cautiously control access to any uploaded content. Media consent forms required.
Exchange and Teams Office 365 Web AppsYes except for external collaboration.NoNoYes; Exchanges of confidential student information becomes part of the educational record for former and current students. Office 365 Web applications can be used for instruction, sharing and collaboration with students. PirateID authorization required and special consideration should be given to understanding permissions and how to manage access. No other types of sensitive data are allowed.Yes; Exchanges and storage of confidential employee information becomes part of the official personnel records for former, current, and prospective employees. While the system is technically secure, employees should exercise good judgment when electing to store personnel information here. Records must be appropriately managed and adhere to the relevant records retention, privacy, and security requirements. Yes; Exchanges of confidential student information becomes part of the educational record for former and current students. Office 365 Web applications can be used for instruction, sharing and collaboration with students. PirateID authorization required and special consideration should be given to understanding permissions and how to manage access. No other types of sensitive data are allowed.
OneDrive for Business Part of ECU Office 365 SubscriptionYes except for external collaboration.YesNoYes; Exchanges of confidential student information becomes part of the educational record for former and current students.Yes; Exchanges and storage of confidential employee information becomes part of the official personnel records for former, current, and prospective employees. While the system is technically secure, employees should exercise good judgment when electing to store personnel information here. Records must be appropriately managed and adhere to the relevant records retention, privacy, and security requirements. Yes; Exchanges of confidential student information becomes part of the educational record for former and current students.
PanoptoNoNoNoYes; Media consent forms required. No copyrighted or sensitive data allowed.Follow video guidelines. Media consent forms required. Data owner approval required.Yes; Media consent forms required. No copyrighted or sensitive data allowed.
PiratedriveYesYesNoYesYesYes
Poll EverywhereNoNoNoYes; PirateID Authorization requiredNoNo
QualtricsNoNoNoNoNoNo
REDCapYes with Department Chair approval and, when research is being done, IRB approval.NoNoYes; Data owner approval requiredYesYes; Data owner approval required
SharePoint OnlineYes except for external collaboration.NoNoYesYes; Data owner approval required. While the system is technically secure, employees should exercise good judgment when electing to store personnel information here. Records must be appropriately managed and adhere to the relevant records retention, privacy, and security requirements.Yes
TeamDynamixNoYesNoNoNoNo
Turning technologies- Canvas LTINoNoNoYes; PirateID authorization requiredNoYes; PirateID authorization required
University Encrypted Storage Device (hard drive, data file, USB)Yes with CIS Committee approval.YesNoYes with Data Steward ApprovalNoYes
WebexYes, recording Webex Meetings containing PHI is strictly prohibited.NoNoYes; Media consent forms required. No copyrighted or sensitive data allowed.NoNo
WordPressNoNoNoYes; No copyrighted or sensitive data allowed.NoYes; No copyrighted or sensitive data allowed.
WordPress for CoursesNoNoNoYes; Course work: faculty may have blogs limited to viewing by students in courses using ECU-hosted WordPress.NoYes; Course work: faculty may have blogs limited to viewing by students in courses using ECU-hosted WordPress.
YammerNoNoNoYesNoYes
ZoomNoNoNoInstructional Use OnlyNoNo

Generative AI approved software and the data classification levels approved for that software.

Data TypeHIPAAITPAPCIFERPAHR/PERSONNELGDPRInternal
Regulation LinkHIPAAITPAPCIFERPAHR/ PersonnelGDPRLevel 2- Internal
Data Classification Level4443332
Generative AI SoftwareNoNoNoNoNoNoNo