Search Google Appliance

Information Technology

Storing University Data on Apps at UMass Amherst: Dos & Don'ts

UMass Amherst has negotiated a contract with Google to adhere to security best practices and has authorized Google to act as an agent of the University. The contract allows members of the University community to store some sensitive University data on Apps at UMass Amherst (including UMass Amherst Google Mail), but not restricted data (e.g., Social Security Numbers, medical records, restricted research data). You are responsible for finding an alternative storage option if the University data you handle must not be stored on Apps at UMass Amherst. 

Notes:

  • You must treat data with multiple classifications according to the highest level of restriction and sensitivity.
    Example: Student financial records could fall under confidential data (under the Federal Education Rights & Privacy Act - FERPA) or restricted data (under Mass General Law 93H), but are classified as restricted data because restricted data has the higher level of sensitivity.
  • Separate, more stringent requirements apply to sharing University data on Apps at UMass Amherst.
    While you may use Apps at UMass Amherst to store some University data, this does not mean you may also share this data with others.

For more information on requirements for storing University data with other storage and collaboration services, see the Requirements for Storing University Data

Must Not Be Stored on Apps at UMass Amherst

  • Social Security Numbers
  • Ethnicity records
  • Other personal information, as defined by Mass General Law 93H, including names in combination with driver's license numbers, state identification card numbers, financial account numbers.          
     

Medical records, such as: 

  • Patient records
  • Individually identifiable health information
  • Protected health information 

Financial records, such as:

  • Bank account information
  • Credit card numbers
  • Students' & parents' financial records
  • Other financial records protected by industry regulations (e.g., Payment Card Industry Data Security Standard - PCI-DSS)

Research data, such as:

  • Human subjects data
  • Export Administration Regulations (EAR)-protected data
  • International Traffic in Arms Regulations (ITAR)-protected data
  • University trade secrets
  • Intellectual property
  • Third-party confidential or proprietary data
  • Sensitive personal research data

Can Be Stored on Apps at UMass Amherst

Student education records, such as:

  • Class rosters
  • Student grades & evaluations
  • Advising notes
  • Student's class schedules
  • Other records protected by the Federal Education Rights & Privacy Act (FERPA)

Identification Information, such as:

  • Student & employee IDs
  • Passport & visa information
     

'Operational Use Only' Data, such as:

  • Project plans & meeting notes
  • Business procedures
  • Campus infrastructure plans

Unclassified Data, such as:

* Unless the student chooses to withhold it.