UBbox folders containing restricted data must be owned by a UBbox Restricted Data Account (USDA) for non-HIPAA-related data or a UBbox HIPAA Data Account (UHDA) for HIPAA-regulated data.
These accounts are exception accounts created by UBIT. Using USDA and UHDA accounts allows for targeted auditing and monitoring of restricted data folders and prevents the loss of data that would result if an individual owned the folder and left the university.
Once approval is granted, UBIT will create the USDA or UHDA. UBIT will also create a restricted data folder with the default security configuration described in this document. The folder will be owned by the restricted data account and co-owned by the data stewards as well as the appropriate security/privacy officials. UBIT will establish the default set of restricted data monitoring and alerting for the new folder.
Restricted data folders will be owned by a USDA or UHDA. Individuals with access to the restricted data folders will interact with the data in the folder using their personal UBIT account. Folder owners may assign additional individuals in co-owner roles in order to manage folders.
Note that once UBIT has provisioned a restricted folder and associated monitoring all management and monitoring of the restricted data folder is the sole responsibility of the data steward. UBIT does not manage or monitor restricted data folders.