Data Security

Microsoft OneDrive for Business accounts provided by ITS are approved by USC for the storage of restricted data. Please note that additional controls may be required, depending on the type of data and relevant regulations. (Please contact usc-ciso@usc.edu for additional information.)

USC Google Drive and other commercially available document storage services, such as Box.com, DropBox, or non-USC OneDrive or Google Drive accounts, are NOT approved by USC for the storage of restricted data.

Types of Restricted USC Information

Below is a list of the types of data that require special handling.

  • Protected Health Information (e.g. medical records) (HIPAA).
  • Education Records/Student Records (FERPA).
  • Alumni and donor records.
  • Personal Information (e.g. Social Security numbers, driver’s license numbers, or financial account numbers) (CA Civil Code 1798.80-1798.84).
  • Employee/Personnel Records (CA law).
  • Trade secrets or confidential industry information. (CA and Federal law).
  • Government classified or foreign export restricted data (ITAR).
  • Personally Identifiable Financial Information (Gramm-Leach-Bliley Act).
  • Non-public university business information, including certain financial records.
  • Aggregate or cumulative username, password, and online activity records.
  • Credit/debit card information (PCI).

Please see the Restricted Information section of USC’s Information Security policy for descriptions of these categories of legally protected and high-risk information.

Contact the IT manager for your school or unit or the ITS Customer Support Center for additional information. For a listing of local IT support contacts, see itservices.usc.edu/contact/school-list.html. For the ITS Customer Support Center, call 213-740-5555 or send an email to consult@usc.edu.