Types of institutional data appropriate for Microsoft 365 at IU and Google at IU

Individuals who work with institutional data are responsible for ensuring that those data are stored in approved locations. In addition, regulated data such as health information or personally identifiable information are often subject to federal and state laws (for example, HIPAA and FERPA) that require users to apply additional security measures.

In accordance with laws and university policies that protect the privacy and security of institutional data, applications provided by the Microsoft 365 at IU and Google at IU services are appropriate for work with institutional data as follows:

Microsoft 365 and Google at IU applications are not appropriate for the following types of sensitive institutional data:

  • Credit card or Payment Card Industry (PCI) data
  • Information regulated by Export Control Laws, such as certain types of research or information about restricted items, technology, or software (see Office of Research Compliance: Export Control)
  • Controlled Unclassified Information (CUI)
  • Advancement data such as donor gift agreements, donor wealth information, and detailed donor giving information

Official classifications for institutional data at IU are defined in Management of Institutional Data (DM-01). If you have questions about the classifications of institutional data at IU, see Classification levels of institutional data, use the Data Sharing and Handling (DSH) tool, or contact the appropriate Data Stewards. To determine the most sensitive classification of institutional data you can store on any given UITS service, see Choose an appropriate storage solution.

Information classification levels may or may not correspond to the applicable regulation; for example, some information regulated by the Family Educational Rights and Privacy Act (FERPA) may be classified as Restricted, while other types of FERPA-regulated information are classified as Critical. Also, some information may be protected under multiple state and federal regulations (for example, Social Security numbers may be protected under HIPAA, FERPA, and/or state law). Confirm the Classification levels of institutional data you are working with prior to uploading.

For information about working with sensitive institutional data at IU, see:

For more about health information, see:

This is document bger in the Knowledge Base.
Last modified on 2023-06-01 13:09:28.