Regulated Data is any data that is controlled by regulations that the University must comply with in storing, transmitting, or using that data. Before using any service to send, store, or share Institutional Data, review which systems are approved for regulatory compliance. The Regulated Data Chart helps you understand which software and systems are safe to store different types of Regulated Data in. These restrictions are often dictated by the security of the system as well as contractual agreements between the university and the service provider.
| Info | ||
|---|---|---|
| ||
How to interpret the Regulated Data ChartHover over or click on chart icons for more details about restrictions. |
Use Prohibited Education Records | Personal Data | Health Records | Bursar Records | Human Subjects Research | ||
| Paper | ||||||
|---|---|---|---|---|---|---|
| Paper files |
|
|
|
|
|
|
| Computing | ||||||
| CIS Managed Computers |
|
|
|
|
|
|
Personal / Non-Managed Computers |
|
|
|
|
|
|
| Mobile Devices |
|
|
|
|
|
|
| USB Drives (unencrypted) |
|
|
|
|
|
|
| USB Drives (encrypted) |
|
|
|
|
|
|
| Files Shares / Collaboration Services | ||||||
| JIRA |  |
|
|
|
|
|
SPU Wiki |
|
|
|
|
|
|
| SharePoint |
|
|
|
|
|
|
| Department File Share |
|
|
|
|
|
|
| SPU OneDrive for Business |
|
|
|
|
|
|
| OneDrive / Dropbox / Google Docs |
|
|
|
|
|
|
| Communications | ||||||
| MS Teams |
|
|
|
|
|
|
| Slack / Google Hangouts |
|
|
|
|
|
|
Office 365 SPU Email |
|
|
|
|
|
|
| Personal or non-SPU Email |
|
|
|
|
|
|
Education Records | Personal Data | Health Records | Bursar Records | Human Subjects Research | ||
| Academic Systems | ||||||
| Canvas |
|
|
|
|
|
|
TK20 |
|
|
|
|
|
|
| Zoom PRO / Panopto |
|
|
|
|
|
|
| Administrative Systems | ||||||
| Adobe Sign |
|  | |
|
|
|
| Banner |
|
|
|
|
|
|
| CBord Odyssey |
|
|
|
|
|
|
| Destiny One |
|
|
|
|
|
|
| JumpForward |
|
|
|
|
|
|
Medicat |
|
|
|
|
|
|
| PeopleGrove | | |
|
|
|
|
| Raiser's Edge |
|
|
|
|
|
|
| Slate |
|
|
|
|
|
|
| TerraDotta Study Abroad / ISSS |
|
|
|
|
|
|
| Tools | ||||||
| FormStack |
|
|
|
|
|
|
| Microsoft Forms |
|
|
|
|
|
|
Regulated and Confidential Data Definitions
FERPA (Education Records)
:Education records (i.e., files and documents which contain information related to an identifiable student) are protected by the Family Educational Rights and Privacy Act (FERPA). Examples: class lists, grade rosters, records of advising sessions, grades, financial aid applications. See SPU's Family Educational Rights and Privacy Act (FERPA) policy. Anchor
HIPAA (Health Records)
:Certain health information is protected by the Health Information Portability and Accountability Act (HIPAA) and is considered confidential if it is individually identifiable and held or transmitted by a covered entity. Examples: health records, patient treatment information, health insurance billing information. Use of HIPAA-covered data at SPU is highly restricted and limited to the Health Services clinic. See HIPAA to learn more.Anchor
Personally
Identifiable InformationIdentifiable Information (PII)
:Personal identifiers are Social Security numbers, birth dates, credit card numbers, driver’s license numbers, passport ID, bank account numbers and SPU ID number. These are considered confidential data when they appear in conjunction with an individual’s name or other identifier.Anchor
GLBA (Bursar Records)
:SPU's Bursar records are protected by GLBA (Gramm-Leach-Bliley/Financial Services Modernization Act) and also by FERPA. Anchor
Common Rule (Human Subjects)
:Sensitive Identifiable Human Subject Research: Information that reveals or can be associated with the identities of people who serve as research subjects. Examples: names, fingerprints, full-face photos, a videotaped conversation, or information from a survey filled out by an individual. Human Subject data is regulated by the Common Rule.