Security, Encryption, Storage & Backups


Data Security is the protection of data from unauthorized access, use, change, disclosure and destruction.  UVa classifies data as either highly sensitive, moderately sensitive, or non-sensitive (public), and the requirements for data security are different for each one. The University Data Protection Standards provides guidance on the requirements for each type.

Make sure your data is safe in regards to:

  • Network security
    • Keep confidential data off the internet
    • Put highly sensitive materials on computers not connected to the internet
  • Physical Security
    • Restrict access to buildings and rooms where computers or media are kept
    • Only let trusted individuals troubleshoot computer problems
  • Computer Systems & Files
    • Keep virus protection up to date
    • Don’t sent confidential data via e-mail or FTP (use encryption, if you must)
    • Use strong passwords on files and computers


Encryption offers protection by scrambling data, so only the owner of the key or password can read the data.  UVa offers two types of encryption: the Virtual Private Network (VPN) and Hard Drive and/or File Encryption.

VPN: A VPN scrambles data as it is transmitted between your mobile device and a server. This allows you to access sensitive data securely stored on a remote server.

Hard Drive: When you have no option other than to store sensitive data on your hard drive, and such storage has been approved, you must encrypt your hard drive or the relevant files on your hard drive. If you lose your computer or electronic media, the encryption will protect the data, and render it invisible to anyone but you, since you alone know the password.

Windows computers should use the Bitlocker utility which can encrypt both full drives and folders.  Mac computers should use the Disk Utilitywhich can create encrypted folders, or FileVault which can encrypt full disks.

Additional information about protecting sensitive data and the options that are approved by UVa.

Information Security Office (ISPRO)

UVa policy IRM-015: Electronic Storage of Highly Sensitive Data.


Active Data Storage is a key component of your research data management strategy.  Active data are the data that you are collecting and analyzing for your research project.  Never rely on a single copy of data.  Keep your source (primary, or raw) data separate from your active data, and always make a copy of it prior to working on the data.  Document your data storage strategy.

Best Practice is to follow the 3-2-1 Rule: keep 3 copies of your files in 2 different locations, with 1 copy off-site, ideally in a different geographic zone. Accidents DO happen: hardware fails, media deteriorates, drives are lost, computers are stolen, data files are corrupted by viruses, power failures and even human errors.

CD’s and DVD’s are not reliable as long-term storage options.  Their life expectancy is only 2-5 years, and they need to be stored under the appropriate environmental conditions. Hard drives have a life expectancy of 4-6 years.  USB (thumb) drives are not a good option.  They are easily lost and stolen.

Things to consider when selecting how and where to store your data:

  • data protection
  • confidential or restricted data
  • ease of access
  • collaboration – internal or external
  • volume of data
  • networked, cloud, or desktop

Storage Options

Storage Options:

Which option is right for you and your data?  That will depend on your answers to the items to consider in the previous section.

Data Protection: Protect the integrity of the data, access to the data, and the system that holds the data.

Confidential or Restricted data: Is your data non-sensitive, moderately sensitive, or highly-sensitive?  Are you working with confidential or restricted data? Do you have IRB requirements or a data agreement?

Ease of Access: How important is it to be able to easily access the data?

Collaboration – internal or external: Do other researchers need to access the active data?  Are they at UVa, or at another institution?

Volume of Data: How much data do you need to store?  5MB, 5TB, 5PB?  Does all of it need to be immediately accessible?

Networked, Cloud or Desktop: Which option works best for you and your data?  Are their institutional guidelines or restrictions?  Does your department or institution provide storage?


Backups are a key component of your research data management strategy.  Regular backups protect against the risk of damage or loss due to hardware failure, software or media faults, viruses or hacking, power failure, theft, or even human errors.  Backup often.  Select a schedule that works for you, and follow it.  Use a reliable medium and test your backups periodically by testing file restores.  Check the integrity of the data using checksum validation.  Document your data backup policy.

Does all this seem overwhelming? Contact us and we can help you get the process started.


UVa Box is a cloud-based storage and collaboration service that gives eligible members of the University community the ability to access, store, and share up to 1 TB of non-sensitive and/or moderately sensitive University files securely—anywhere, anytime, on any device.  It is free, and there are Apps available that extend its functionality to Macs, PCs, iPhones, iPads, Androids, Blackberries, and many more.

To get started with Box simply go to and login using NetBadge.

What can I store in my UVa Box account?  What are my responsibilities? How do I upload files, send files as links, and manage my files?

UVa Box FAQs are a good place to start when you have additional questions.

Box has extensive Help available, and a users Community.