Regulated Data is any data that is controlled by regulations that the University must comply with in storing, transmitting, or using that data. Before using any service to send, store, or share Institutional Data, review which systems are approved for regulatory compliance. The Regulated Data Chart helps you understand which software and systems are safe for storing different types of Regulated Data. These restrictions are often dictated by the security of the system as well as by contractual agreements between the University and the service provider.
Human Subjects Research
CIS Managed Computers
Personal / Non-Managed Computers
USB Drives (unencrypted)
USB Drives (encrypted)
File Shares / Collaboration Services
Department File Share
SPU OneDrive for Business
OneDrive / Dropbox / Google Docs
Slack / Google Hangouts
Office 365 SPU Email
Personal or non-SPU Email
Human Subjects Research
Zoom PRO / Panopto
TerraDotta Study Abroad / ISSS
Regulated and Confidential Data Definitions
FERPA (Education Records): Education records (i.e., files and documents which contain information related to an identifiable student) are protected by the Family Educational Rights and Privacy Act (FERPA). Examples: class lists, grade rosters, records of advising sessions, grades, financial aid applications. See SPU's Family Educational Rights and Privacy Act (FERPA) policy.
HIPAA (Health Records): Certain health information is protected by the Health Information Portability and Accountability Act (HIPAA) and is considered confidential if it is individually identifiable and held or transmitted by a covered entity. Examples: health records, patient treatment information, health insurance billing information. Use of HIPAA-covered data at SPU is highly restricted and limited to the Health Services clinic. See HIPAA to learn more.
Personally Identifiable Information (PII): Personal identifiers are Social Security numbers, birth dates, credit card numbers, driver’s license numbers, passport ID, and bank account numbers. These are considered confidential data when they appear in conjunction with an individual’s name or other identifier.
GLBA (Bursar Records): SPU's Bursar records are protected by GLBA (Gramm-Leach-Bliley/Financial Services Modernization Act) and also by FERPA.
Common Rule (Human Subjects): Sensitive Identifiable Human Subject Research: Information that reveals or can be associated with the identities of people who serve as research subjects. Examples: names, fingerprints, full-face photos, a videotaped conversation, or information from a survey filled out by an individual. Human Subject data is regulated by the Common Rule.