Protected Data Guideline for AWS

Amazon Web Services - Sensitive Data Guidance

AWS has a core set of secure services, but it is up to each user to implement appropriate security controls and to comply with applicable University policies, notably policies relating to the protection of University data and Level 1 data policies

Third-party content that is available through AWS are generally governed by separate contract terms and conditions, including separate fees and charges. AWS may not have tested or screened third-party content.

Data Type Data Use Comments
Credit Card (PCI-DSS) Not permitted. Not acceptable for PCI-DSS data.
Export Control Consult Consult with Information Security.
Electronic Protected Health Information (ePHI) subject to HIPAA Consult HIPAA Business Associate Agreement has been signed. Consult with Information Security.
Human Subject Research Consult Consult with Information Security.
Intellectual Property Consult Consult with Information Security.
IT Security Information Permitted When appropriately configured.
Other Sensitive Institutional Information 
(e.g. Fundraising, Attorney/Client Privileges)
Consult Consult with Information Security.
Personally Identifiable Information (PII) Consult When appropriately configured; consult with Information Security
Public Information Permitted  
Research Data 
(Animal General, Non-Humanoid Subject Research)
Permitted Consult with Information Security and office of research. 
Student Education Records
(FERPA)
Permitted Excluding student health records. Consult with Information Security.
Sensitive Data Guidance
Scroll back to the top of the page