The Regulated Data Chart can be used to help you determine where to store your files in accordance with important data security rules and regulations. Important: Due to constantly changing regulatory and grant changes, please consult with your Data Security Officer (DSO) to determine the safest place to store your confidential data.
How to Interpret the Regulated Data Chart
✅ Use Permitted - No technical, policy, or contractual issues exist that prohibit use of this data type with this service. You may send, store or share the regulated data type with this service if your data steward and your department/unit policies permit you to do so.
⚠️ Use Restricted - Use of this service with the regulated data type is restricted and approval is required. Follow the instructions provided for this service by looking at the Use Restricted Key at the bottom of this page.
❌ Use Prohibited - Use of this service with the regulated data type is prohibited. Do not use this service to send, store or share the regulated data type.
ITS Tools & Services
Service | Personal
| Credit
| Student Loans or Financial Aid
| Health
| Education Records
| Human
| Employee
| Internal
| Public |
| BC Gmail | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ⚠️1 | ⚠️1 | ✅ |
| BC Google Drive | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ⚠️1 | ⚠️1 | ✅ |
| BC Google Apps | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ⚠️1 | ⚠️1 | ✅ |
| BC ITS Managed Servers | ✅ | ⚠️4 | ✅ | ⚠️3 | ✅ | ⚠️2 | ✅ | ✅ | ✅ |
| Departmental Files Shares** | ❌ | ⚠️4 | ✅ | ⚠️3 | ✅ | ⚠️2 | ✅ | ✅ | ✅ |
| BC-provided laptop, desktop or smartphone | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ✅ | ✅ | ✅ |
| Unencrypted flash/ thumb drive | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Encrypted flash/ thumb drive | ✅ | ⚠️4 | ✅ | ⚠️3 | ✅ | ⚠️2 | ✅ | ✅ | ✅ |
| CrashPlan | ❌ | ⚠️4 | ✅ | ❌ | ✅ | ⚠️2 | ✅ | ✅ | ✅ |
| Canvas LMS | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ❌ | ❌ | ✅ |
| BCWorks Ticketing (ticket management) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
| BC Microsoft 365 (Sharepoint, OneDrive) | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️1 | ✅ |
| BC Box | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ❌ | ✅ | ✅ |
| BC Jira | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| BC Wiki | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Wireless Network | ⚠️5 | ⚠️4 | ⚠️5 | ⚠️3 | ⚠️5 | ⚠️2 | ⚠️5 | ⚠️5 | ✅ |
Non-BC Tools & Services
Service | Personal
| Credit
| Student Loans or Financial Aid
| Health
| Education Records
| Human
| Employee
| Internal
| Public |
| 3rd Party Email (e.g. Personal Gmail, Hotmail) | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️2 | ❌ | ⚠️1 | ✅ |
| Personally-owned laptop, desktop or smartphone | ❌ | ❌ | ❌ | ❌ | ✅ | ⚠️2 | ❌ | ✅ | ✅ |
| Personal cloud Storage Services (e.g. Evernote, Dropbox, Personal Google Drive, OneDrive, iCloud, SkyDrive) | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️2 | ❌ | ✅ | ✅ |
| Survey sites*** | ❌ | ❌ | ❌ | ❌ | ❌ | ⚠️2 | ❌ | ❌ | ✅ |
^ Because 201 CMR requires stored file encryption.
* Personal Identifiers - As defined by Massachusetts 201 CMR 17, protected personal identifiers include (a) Social Security Number, (b) driver's license
number or state-issued identification card number, or (c) financial account number, or credit or debit card number.
** Departmental File Shares - Hard drive space made available on a remote server typically provided by BC departments or schools.
*** Survey sites - Online sites for conducting surveys such as SurveyMonkey, Zoomerang, SurveyGizmo and PollData.
⚠️ Use Restricted Key
- Take special care not to send to large email lists or to "Reply All' to large email lists.
- Any use of human subject research data is subject to the approval of Boston College Institutional Review Board.
2a. The Boston College Institutional Review Board evaluates the use of these platforms on a case-by-case basis. For more information, please see Office of Research Protection's Research Data Policy (PDF). - Any handling of Protected Health Information must comply with U.S. HIPAA Privacy and Security regulations.
- See Payment Card Usage policy at Boston College (PDF).
- Only use a secure wireless network, such as the 'eduroam' network