Storing sensitive data in a Cloud service

The University IS advice states that you must encrypt any medium or high risk data if you are going to upload it to a cloud service such as Dropbox. In theory, the Safe Harbour agreement between the US and the EEA should allow you to store material covered by DPA on Dropbox, but doubts of the efficacy of this agreement have been raised by some EU regulators. The Safe Harbour agreement has been declared invalid by the European Court of Justice (see Wikipedia). We do not recommend using Dropbox for anything other than low-risk data.

Apart from data security and legal worries, users have found some cloud sharing client software to behave unhelpfully or unpredictably with shared network filesystems such as our AFS home directories.

Further reading

• Storing data securely
• Data storage options
• Iain Rae's blog articles:
  • Is there a hole in your Dropbox?
  • Dropbox drops the box?
• The University's guidance on information security.
• The University's data protection policy.