Skip to main content

(PDF Version of This Page)

The UNC Information Security Office has also created an updated guideline for storing and sharing sensitive information within Office 365.
  • Drivers License or State ID Numbers
  • Tax ID numbers (other than UNC’s) or Employer Identification Number
  • Credit Card numbers, Bank Routing numbers with account numbers, or PINs
  • Social Security Numbers or Passport Numbers
  • Biometric data or fingerprints used for identity verification
  • Digital Signatures
  • Financial Acct Access Data: Data or tokens used to verify identity for Financial Account Access
  • GLBA Financial Data: Information on Loan, Investment, Insurance, or other financial instruments
  • HIPPA Data – Protected Health Information: Information about the past, present, or future physical or mental health or condition that is identifiable to an individual
  • Educational Records – FERPA: Non-directory information about student work, attendance, or performance protected by FERPA
  • Card Holder Data PCI: Financial Card Holder Data
  • Non-Directory Personnel Data: Data about employment or employee performance that is not public under state open records rules
  • Public Records Act Confidential: Protected state records as defined by the NC Public Records act -NC GS 132. Incl. Emergency Response plans, Security Plans, or detailed plans and drawings of public buildings and infrastructure facilities, et al.


  • Office 365
    • Sharepoint (within secure folders)
    • OneDrive for Business
  • SecNAS
  • Portable Devices (laptops, thumb drives) – MUST use encrypted hard drives

Not Approved

  • Shared Drives (
  • C drive, local drive, desktop
  • FacDraw and FacHome



  • University email (Office 365/Exchange)
  • Within ConnectCarolina using ImageNow

Not approved

  • Phone SMS, text, messenger, WhatsApp, etc.


To receive SI from outside party

  • Fax or Phone
  • Email (no guarantee of security for outside party)

To send SI to outside party

  • No approved way