The guidelines in this table are applicable only for those AWS accounts under the master contract between Cornell and AWS.  If your AWS account is not part of the Cornell Master contract, guidelines from the standard commercial click-through AWS agreement apply.

Permitted in AWS

Contact Cloudification Team

or IT Security Office for Guidance

Prohibited from AWS
  • Any information already publicly available
  • Personal records not including confidential attributes
  • FERPA (education records) requires Data Steward approval
  • GLBA (Bursar Records) requires Data Steward approval
  • Personal identifiers (confidential data)
  • Human subjects data
  • HIPAA (health records)
  • Export controlled research data (approval required; AWS GovCloud account required)
  • Credit card payment processing data (PCI)

This page is a replacement for http://blogs.cornell.edu/cloudification/regulated-data-use-guidelines/

  • No labels