This guide aligns examples of data commonly used on campus with appropriate popular DIT provided services. It is not an exhaustive list of data or services; please reach out the Service Desk if you have any questions. 

Recommended reading

• IT Policies, Standards, and Guidelines
• UMD Privacy Policy
• Data Classification Standard

Top

Glossary

• SSN - Social Security Number
• PII - Personally Identifiable Information
• PHI - Protected Health Information
• HIPAA - Health Information Portability Protection Act
• CUI - Controlled Unclassified Information
• EAR - Export Administration Regulation
• ITAR -  International Traffic in Arms Regulation
• PCI - Payment Card Industry Security Standards

Top

‘Everyday’ tasks that involve Moderate and Low risk data

These services may be used for everyday tasks involving non-PII personnel records, non-PII student records which include grades, and certain approved non-HIPAA PHI. Should not be used for SSNs, Protected Health Information, and other high risk PII.

• Google Workspace
  
  • Gmail 
  • Google Drive
  • Google Forms
• ELMS-Canvas
• Lecture Capture (Panopto)
• Survey Tool (Qualtrics)

Top

High risk data

The following services may be used for use cases that involve PII, such as SSNs, Drivers License Numbers, most non-HIPAA PHI, etc., and other sensitive information. If storing datasets (a file containing records about multiple individuals), limit the number of records per dataset to 250.  

• Network Storage (Isilon)
• Secure Share
• UMD Box
• Adobe Sign 
• Data Backups (Spectrum Protect)
• Workstation Backups (Code42)

Top

Restricted data

Access to some data is strictly controlled and restricted by laws, regulations, or contracts. Only approved systems should be used for storing these data.  

• PCI - solutions approved by the campus PCI Governance group
• HIPAA - UMD is a hybrid entity and HIPAA use cases are extremely isolated (UHC and HESP); PHI (as defined by HIPAA) should only ever exist in approved covered component information systems. There may be limited exceptions for Secure Share when communications need to be made outside of the covered component system.
• EAR/ITAR - CUI Environment
• CUI - CUI Environment

Top