IT Data Protection Policy

Locally stored files on Emerson-owned desktop computers (including staff/faculty office machines and lab machines) are only backed up in specially requested circumstances. Outside of these circumstances, it should be assumed that local desktop data, or local data saved to items such as vendable iPads and laptops, is unprotected and not backed up. Staff and Faculty are instructed to save their data to Emerson's secure, shared file server "Cabinet" to ensure that their files are backed up and protected. Students are instructed to save to the student file server, "Pages", for the same benefits.

As of Spring 2014, to aid in preventing compromised data from lost or stolen devices, all Emerson-owned laptops and desktops are encrypted by IT, unlockable only by the user and IT administrators. Sensitive data must never be stored on personally owned devices, such as phones, laptops, tablets, or computers. Examples of sensitive data include: FERPA protected student data, confidential medical information, or personnel information concerning any employee or student, such as social security numbers or credit card numbers. For more on mobile and pocket devices, please see the Mobile Device Security Policy.

Data stored on Emerson College servers that are managed by Information Technology are backed up nightly. This includes but is not limited to files on Cabinet and Pages, Banner databases, e-mail, and web content. Backups are sent to an off-site data center weekly and retained for 180 days.

Journalism, VMA, extracurricular, and other high-end media users store files, video, and media on the Isilon storage system. Data that exists on the Isilon is exempt from offsite backup because of the large file sizes.

Cabinet, Pages, and Isilon retain previous versions of files for several days in the event of accidental loss or deletion and can be recovered. Note that this does not protect data if these servers are physically harmed or destroyed.

File server data is locked to the appropriate department or user with security permissions managed by IT. Operational changes to these security permissions, such as allowing a new employee access to a locked directory, can be requested by supervisors at the director level or higher. Under the instruction of the Emerson College Police Department, General Counsel, and/or two Vice Presidents, IT may retrieve college-owned data for legal investigations or other business use. Emerson College respects the privacy of its users' data.

Emerson College community members may use their assigned e-mail, Cabinet, Pages, and workstation for incidental or personal use with this knowledge, provided it does not interfere with college business. For training guides and documentation on accessing and using Cabinet, Pages, e-mail, Isilon, encrypted devices, and mobile applications, please visit it.emerson.edu.