
Regulated Data is any data governed by regulations that the University must comply with when storing, transmitting, or using that data. Before using any service to send, store, or share Institutional Data, review which systems are approved for regulatory compliance. The Regulated Data Chart helps you understand which software and systems are safe for storing different types of Regulated Data. These restrictions are often dictated by the security of the system as well as by contractual agreements between the University and the service provider.

How to interpret the Regulated Data Chart

Hover over or click on chart icons for more details about restrictions.

(tick) Use Permitted  - No technical, policy, or contractual issues exist that prohibit use of this data type with this service. You may send, store or share the regulated data type with this service if your data steward and your department/unit policies permit you to do so.

Use Restricted - Use of this service with the regulated data type is restricted and approval is required. To use this service or to learn more about the restrictions in place, contact the CIS Business Systems Team.

(error) Use Prohibited  - Use of this service with the regulated data type is prohibited. Do not use this service to send, store or share the regulated data type.



FERPA

Education Records

PII / Internal Data

Personal Data

Confidential Data


HIPAA

Health Records

GLBA

Bursar Records

Common Rule

Human Subjects Research

Paper





Paper files

(tick) 

(tick) 

Computing





CIS Managed Computers

(tick) 

(tick) 

Personal / Non-Managed Computers

Mobile Devices

USB Drives (unencrypted)

USB Drives (encrypted)

File Shares / Collaboration Services
JIRA

SPU Wiki

(tick) 


SharePoint

(tick) 

(tick) 

Department File Share

(tick) 

(tick) 

SPU OneDrive for Business

(tick) 

(tick) 

OneDrive / Dropbox / Google Docs

Communications
MS Teams

(tick) 

(tick) 

Slack / Google Hangouts

Office 365 SPU Email

(tick) 

Personal or non-SPU Email


Academic Systems
Canvas

(tick) 

(tick) 

TK20 

(tick) 

(tick) 

Zoom PRO / Panopto

(tick) 

(tick) 

Administrative Systems
Adobe Sign

(tick) (tick) 

Banner

(tick) 

(tick) 

(tick) 

(tick) 

CBord Odyssey

(tick) 

(tick) 

Destiny One

(tick) 

(tick) 

(tick) 

JumpForward

(tick) 

(tick) 

Medicat

(tick) 

(tick) 

(tick) 

PeopleGrove

(tick) (tick)

Raiser's Edge

(tick) 

(tick) 

(tick) 

Slate

(tick) 

(tick) 

(tick) 

TerraDotta Study Abroad / ISSS

(tick) 

(tick) 

(tick) 

(tick) 

Tools
FormStack

Microsoft Forms

(tick) 

Regulated and Confidential Data Definitions

FERPA (Education Records):  Education records (i.e., files and documents which contain information related to an identifiable student) are protected by the Family Educational Rights and Privacy Act (FERPA). Examples: class lists, grade rosters, records of advising sessions, grades, financial aid applications. See SPU's  Family Educational Rights and Privacy Act (FERPA) policy. 

HIPAA (Health Records):  Certain health information is protected by the Health Information Portability and Accountability Act (HIPAA) and is considered confidential if it is individually identifiable and held or transmitted by a covered entity. Examples: health records, patient treatment information, health insurance billing information. Use of HIPAA-covered data at SPU is highly restricted and limited to the Health Services clinic. See HIPAA to learn more.

Personally Identifiable Information (PII):  Personal identifiers are Social Security numbers, birth dates, credit card numbers, driver’s license numbers, passport ID, and bank account numbers. These are considered confidential data when they appear in conjunction with an individual’s name or other identifier.

GLBA (Bursar Records):  SPU's Bursar records are protected by GLBA (Gramm-Leach-Bliley/Financial Services Modernization Act) and also by FERPA. 

Common Rule (Human Subjects):  Sensitive Identifiable Human Subject Research: Information that reveals or can be associated with the identities of people who serve as research subjects. Examples: names, fingerprints, full-face photos, a videotaped conversation, or information from a survey filled out by an individual. Human Subject data is regulated by the Common Rule.


