OSC protected data types

There are various types of data which require varying degrees of access controls and auditing in place in order for OSC to support it.

It is the responsibility of the PI of a project to inform OSC whether their project will contain any of these data types and whether that data requires special access controls.
If there is a data type not listed that OSC should be informed of, please contact security@osc.edu

Health Insurance Portability and Accountability Act (HIPAA):

There are other facets to this term, but the most relevant is that it requires strict controls with regards to Protected Health Information (PHI) being stored. OSC does not currently support this type of data.



Export Control

There are controls put in place by government relating to whether certain sensitive software or data can be shared with other countries.


International Traffic in Arms Regulation (ITAR):

Data relating to military use.


Export Arms Regulation (EAR):

All other export control items not classified under ITAR.


NIH Genomic Data Sharing Policy:

Even though this data is deidentified, there are controls that need to be maintained so that only authorized individuals can access the data.