Regulated Data Use guidelines

The guidelines in this table are only applicable for those under the Cornell Master AWS contract or the Cornell Azure Enterprise Agreement.  If you are not under either of those two contracts, the default data guidelines from the ‘click through’ agreement apply.


Contact Cloudification or IT Security Office for secure practices


  • Any information already publicly available.
  • Personal records not including confidential attributes
  • FERPA (education records) requires Data Steward approval
  • GLBA (Bursar Records) requires Data Steward approval
  • Personal identifiers (confidential data)
  • Human subjects data
  • HIPAA (health records)
  • Export controlled research data (approval required)
  • Credit card payment processing (PCI)


See Cornell Regulated Data Chart for additional information.