Regulated Data Chart
Before using any Cornell service to send, store, or share institutional information, review Regulated Data: Guidelines for Campus IT Software and Services.
Using the Regulated Data Chart
The Regulated Data Chart provides guidance to help you choose appropriate technology tools for sending, storing, and sharing institutional information. Before choosing a tool to send, store, or share institutional information, ask two questions:
- Question 1: Does the Regulated Data Chart permit use of this IT service with the data type I am interested in working with?
- Question 2: Do my department/unit policies and my data steward permit use of this IT service with the data type I am working with and for the way(s) I am using the data? If you don't know, check with your supervisor. See University Policy 4.12 (Data Stewardship and Custodianship) for the list of data stewards.
If the answer to both questions is yes, you may use the IT tool to send and store the university data in question.
Important notes for chart users:
- Information in the Regulated Data Chart applies exclusively to Cornell's enterprise version of the service listed. It does not extend to consumer or personally acquired versions of these services, or to third-party applications associated with these services. You must use Cornell's enterprise version to be in compliance with legal, contractual, and policy rules surrounding Cornell's institutional information.
- The Regulated Data Chart does not apply to data associated with faculty research unless that research falls under a regulation or contract.
- Your department/unit policies and your data steward ultimately govern whether you can use a particular service to send, store, or share regulated data. The guidance of the Regulated Data Chart by itself is not sufficient.
- Use Permitted: No technical, policy, or contractual issues exist that prohibit use of this data type with this service. You may send, store, or share the regulated data type with this service if your data steward and your department/unit policies permit you to do so.
- Use Restricted: Use of this service with the regulated data type is restricted and approval is required. Refer to the instruction in the Regulated and High-Risk Data Definitions at the bottom of this page.
- Use Prohibited: Use of this service with the regulated data type is prohibited. Do not use this service to send, store, or share the regulated data type.
| Title | Category | FERPA | HIPAA | High-Risk Identifiers | GLBA | Human Subjects | Restricted Research Data | Secure Use |
|---|---|---|---|---|---|---|---|---|
| Office 365 SharePoint | Collaboration Services | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | HIPAA – This status does not apply to the separate instance at Weill Cornell Medical College. |
| Office 365 Online (Word, Excel, PowerPoint, OneNote) | Collaboration Services | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | HIPAA – This status does not apply to the separate instance at Weill Cornell Medical College. |
| TeamDynamix | Service Management Suite | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | |
| Webcasting | Event Support and Media | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | |
| Digication | ePortfolio | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | |
| Office 365 (Outlook Email) | Prohibited | Prohibited | Prohibited | Prohibited | Restricted | Restricted | HIPAA – This status does not apply to the separate instance at Weill Cornell Medical College. |
|
| Cornell Google Workspace for Faculty/Staff -- Gmail | Permitted | Prohibited | Prohibited | Prohibited | Prohibited | Restricted | ||
| Cornell Google Workspace for Students -- Gmail | Permitted | Prohibited | Prohibited | Prohibited | Prohibited | Restricted | ||
| LabArchives | Electronic Lab Notebooks | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted | |
| OneDrive for Business | Collaboration Services | Permitted | Prohibited | Prohibited | Prohibited | Restricted | Restricted |