What Types of Data Can I Store on SharePoint Online and OneDrive for Business?

SharePoint Online and OneDrive for Business provide robust security for the data you store. However, due to federal, state, and local laws and University policies and standards, they should not be used to store, collect, or share certain types of regulated and sensitive data. This includes data regulated by HIPAA and GLB. Please keep in mind that you are responsible for safeguarding University of Pittsburgh data stored on the computers, devices, and online services you use.

Data Type
Permitted
Not-Permitted
Examples
Non-confidential or general business
   
De-identified human subject research
  Data that does not include any information which could be used to identify the individuals involved in the research.
Sensitive identifiable human subject research  
Any individually identifiable research data containing sensitive information such as information about mental health, genetics, alcohol and drug abuse, or illegal behaviors.
Student educational records (FERPA)

 

 
Grades, student transcripts, degree information, disciplinary records, and class schedules.
Protected health information (ePHI-HIPAA)  
Any unique identifying attribute, characteristic, code, or combination that allows identification of an individual, and that is combined with medical or health information. Examples include, but are not limited to, date of birth, date of death, email addresses, telephone numbers, and device ID numbers.
Social Security Numbers  
123-45-6789
Gramm Leach Bliley (GLBA) student loans application information  
Student loan information, payment history, and student financial aid data
Payment card information (PCI)  
Cardholder name, account number, expiration date, verification number, and security code.
Export controlled research (ITAR, EAR)  
Data containing research on things such as chemical and biological agents, satellite communications, certain software or technical data, and work on formulas for explosives.
FISMA data  
Any government data that is regulated by the Federal Information Management and Security Act, including VA data, FDA data, and Medicare data.
Tags: SharePoint Online Sensitive Information Data Storage