About The Data Sensitivity Guide

The purpose of this guide is to inform you of what data is and is not acceptable to store in each service based on requirements, type, and specific contract protections. You have the option to select a data type or service, then click Go! For data types, you will see a description of the data type and a table outlining which services can store that sort of data. For a service, you will see a description of the cloud service and a table of data types that are permitted to be stored within the service.

While cloud services provide an efficient way to store data, access files, and develop and host applications, it is important to protect the privacy and security of information and mitigate risks across UC Davis. Data needs to be protected to prevent theft, compromise, or inappropriate use. The level of protection is driven by legal, academic, and operational requirements, and is based on the criticality and risk levels of the data.

The guidance provided here applies only to UC Davis owned and managed machines using university contracted services. Personal machines or services not under a UC Davis contract should never be used to maintain or share the university's sensitive data. Also, the UC Davis Health System has its own guidelines for data and cloud services, as such these guidelines do not pertain to them.

For a list of vendor risk assessments that may inform or impact this list, please visit https://iet.ucdavis.edu/vendor-risk-assessment