The University, and its staff, have a responsibility to protect information they create.
Any information created, becomes a "record" and must be managed according to its sensitivity and value to the University to ensure it’s handled correctly. (Refer to: Records Management Policy)
The concept of "Information classification" then provides an easy way to assign sensitivity or value to a record (whether a document, IT system, book, photograph, etc) and is detailed in the University's Information Security Policy. It’s important to note that this policy requires all information assets be assigned a classification.
This classification, in turn, will impact the storage option you will be recommended.