What Types of Data Can I Store on My Sites (SharePoint Online) and OneDrive for Business? | Information Technology | University of Pittsburgh

You are here

What Types of Data Can I Store on My Sites (SharePoint Online) and OneDrive for Business?

My Sites (SharePoint Online) and OneDrive for Business provide robust security for the data you store. However, due to federal, state, and local laws and University policies and standards, they should not be used to store, collect, or share certain types of regulated and sensitive data. This includes data regulated by HIPAA and GLB. Please keep in mind that you are responsible for safeguarding University of Pittsburgh data stored on the computers, devices, and online services you use.

Data Type
Non-confidential or general business
De-identified human subject research
  Data that does not include any information which could be used to identify the individuals involved in the research.
Sensitive identifiable human subject research  
Any individually identifiable research data containing sensitive information such as information about mental health, genetics, alcohol and drug abuse, or illegal behaviors.
Student educational records (FERPA)
Grades, student transcripts, degree information, disciplinary records, and class schedules.
Protected health information (ePHI-HIPAA)  
Any unique identifying attribute, characteristic, code, or combination that allows identification of an individual, and that is combined with medical or health information. Examples include, but are not limited to, date of birth, date of death, email addresses, telephone numbers, and device ID numbers.
Social Security Numbers  
Gramm Leach Bliley (GLBA) student loans application information  
Student loan information, payment history, and student financial aid data
Payment card information (PCI)  
Cardholder name, account number, expiration date, verification number, and security code.
Export controlled research (ITAR, EAR)  
Data containing research on things such as chemical and biological agents, satellite communications, certain software or technical data, and work on formulas for explosives.
FISMA data  
Any government data that is regulated by the Federal Information Security Management Act, including VA data, FDA data, and Medicare data.