Service Description
The Desktop Backup Service is a cloud-based service that automatically backs up critical data stored on an individual's university-owned computer. It is powered by Code42 (formerly CrashPlan). It is intended to back up files that are not stored on or synchronized to a network drive or clould-based service such as U-M Google or U-M Box. The Desktop Backup service is available to all campus units.
Compliance
Desktop Backup uses an encrypted cloud service—Code42 (formerly CrashPlan)—that U-M has contracted for. This means the service can be used to maintain or share the university's sensitive unregulated data, as well as some kinds of sensitive regulated data.
U-M's agreement with CrashPlan includes a Business Associate Agreement. This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in CrashPlan are responsible for complying with HIPAA safeguards, including:
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
- Following any additional steps required by your unit to comply with HIPAA.
Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as the Data Warehouse. Information Assurance (IA) can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IA via the ITS Service Center.)