Data Sensitivity and Usage Statement
|Data Type||PennCloud Compute||Penn+Box||Google Apps||AWS|
|Non-Confidential University Data||YES||YES||YES||YES|
|Social Security Number||NO||NO||NO||NO|
|Credit Card Data||NO||NO||NO||NO|
|Human subject research data||With IRB approval||With IRB approval||With IRB approval||With IRB approval|
|All Other Confidential University Data||LSP*||LSP*||LSP*||LSP*|
* LSP - Some confidential university data may be permissible with appropriate compensating controls. Talk to your Local Support Provider (LSP) for details about your needs and how to protect this data.
Confidential University Data includes:
Sensitive Personally Identifiable Information
Information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to Penn. Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information Penn has promised to keep confidential, and account passwords or encryption keys used to protect access to confidential University data.
Data, information, or intellectual property in which the University has an exclusive legal interest or ownership right, which, if compromised, could cause significant harm to Penn. Examples may include, but are not limited to, business planning, financial information, trade secrets, copyrighted material, and software, or comparable material from a third party when the University has agreed to keep such material confidential.
Other data whose disclosure would cause significant harm to Penn or its constituents.