This guide aligns examples of data commonly used on campus with appropriate popular DIT provided services. It is not an exhaustive list of data or services; please reach out the Service Desk if you have any questions.
IT Policies, Standards, and Guidelines
SSN - Social Security Number
PII - Personally Identifiable Information
PHI - Protected Health Information
HIPAA - Health Information Portability Protection Act
CUI - Controlled Unclassified Information
EAR - Export Administration Regulation
ITAR - International Traffic in Arms Regulation
PCI - Payment Card Industry Security Standards
These services may be used for everyday tasks involving non-PII personnel records, non-PII student records which include grades, and certain approved non-HIPAA PHI. Should not be used for SSNs, Protected Health Information, and other high risk PII.
The following services may be used for use cases that involve PII, such as SSNs, Drivers License Numbers, most non-HIPAA PHI, etc., and other sensitive information. If storing datasets (a file containing records about multiple individuals), limit the number of records per dataset to 250.
Access to some data is strictly controlled and restricted by laws, regulations, or contracts. Only approved systems should be used for storing these data.
PCI - solutions approved by the campus PCI Governance group
HIPAA - UMD is a hybrid entity and HIPAA use cases are extremely isolated (UHC and HESP); PHI (as defined by HIPAA) should only ever exist in approved covered component information systems. There may be limited exceptions for Secure Share when communications need to be made outside of the covered component system.
EAR/ITAR - CUI Environment
CUI - CUI Environment