USC-provided OneDrive (Microsoft Office 365) accounts are approved for the storage of many types of restricted information, including data covered under HIPAA and FERPA. Additional controls may be required, depending on the type of data and relevant regulations. For questions, please contact the Office of Compliance at compliance@usc.edu.

Non-USC OneDrive accounts, as well as Google Drive, Dropbox and other commercially available document storage services, such as Box.com are not approved by USC for the storage of restricted data.

Types of Restricted USC Information

Below is a list of the types of data that require special handling.

• Protected Health Information (e.g. medical records) (HIPAA).
• Education Records/Student Records (FERPA).
• Alumni and donor records.
• Personal Information (e.g. Social Security numbers, driver’s license numbers, or financial account numbers) (CA Civil Code 1798.80-1798.84).
• Employee/Personnel Records (CA law).
• Trade secrets or confidential industry information. (CA and Federal law).
• Government classified or foreign export restricted data (ITAR).
• Personally Identifiable Financial Information (Gramm-Leach-Bliley Act).
• Non-public university business information, including certain financial records.
• Aggregate or cumulative username, password, and online activity records.
• Credit/debit card information (PCI).

Please see the Restricted Information section of USC’s Information Security policy for descriptions of these categories of legally protected and high-risk information.

Contact the IT manager for your school or unit or the ITS Customer Support Center for additional information. For a listing of local IT support contacts, see itservices.usc.edu/contact/school-list.html. For the ITS Customer Support Center, call 213-740-5555 or send an email to consult@usc.edu.