Data Classification Guide to IT Services

What types of data can be used with different IT services and tools

Data Classification Guide to IT Services

Use this guide to make informed decisions about where to safely store and share university data. Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable. Please visit the Core Security Standards webpage for more information about how to safely secure workstations and servers. Contact IT-Security@uiowa.edu or Research-Computing@uiowa.edu with any questions.

Coming Soon: IT Services for Sensitive Data
We’re creating dedicated pages that explain which IT services can be used with HIPAA-protected data, Export-Controlled data, and other regulated data types. Once these resources are ready, we’ll link them here for easy access.

Data Types

Public: data that is public, or published with no restrictions. Examples include published "white pages" directory information, maps, academic course descriptions, news releases.

University/Internal: data that is non-public or internal data. Examples of institutional data include official university records, financial reports, unofficial student records, de-identified research data.

Restricted: data that is confidential or restricted due to personal privacy considerations or compliance regulations and laws. Examples include student transcripts, identifiable human subjects research data, full-face photographic images or videos, financial aid data.

Critical: data that has the most stringent legal or regulatory requirements and requires special security controls. Examples include data governed by HIPAA (personal health information), Social Security Numbers (SSNs), credit card information (PCI), personal identifiers (passport/driver's license numbers), data governed by ITAR (export-controlled).

IMPORTANT:

Because the classification of Critical data depends on the specific data points involved, consultation with it-security@uiowa.edu or research-computing@uiowa.edu is required.
PCI data should not be stored on any of the services listed below. If you are working with PCI data, please contact the IT Security Office.
If you need to store SSNs, please work with the IT Security Office to determine the best storage location.

Legend

	Permitted
	Consultation Required. Please contact IT-Security@uiowa.edu or Research-Computing@uiowa.edu
	Not Permitted

IT Tools & Services

Service	Public	University/Internal	Restricted	Critical
Apple iCloud
AWS Cloud Enterprise
Box
ChatGPT
ChatGPT (Paid)
ChatGPT Edu
DeepSeek
Dispatch
Dropbox
Globus
Google Gemini (Bard)
Google Drive & Gmail
Home Drives (Files@Iowa)
HPC Systems
Large Scale Storage (LSS)
ICON
Interactive Data Analytics Service
Iowa Health Data Resource (IHDR) Data Enclave
Microsoft Azure Cloud Services Enterprise
Microsoft 365 Copilot
Microsoft Copilot Chat
Microsoft Copilot - Personal
Microsoft 365
Microsoft OneDrive for Business
Microsoft Power BI
Microsoft SharePoint Online (O365)
Microsoft Teams
Microsoft Teams (Apps & Add-ins)
Personal Cell Phones
Personal Devices (e.g. laptops, USBs, personal cloud services, etc.)
Qualtrics
R: Drive
REDCap
Research Data Storage Service (RDSS)
Research Remote Desktop Service
Shared Drive (Files@Iowa)
Skype for Business
UICapture
UI or UIHC-Managed Devices
XNAT
UI Zoom

Last updated

Thursday, December 4, 2025

Article number

5351

Information Technology Services

Data Classification Guide to IT Services