Sensitive Data on the HPCC

Data that are subject to external security requirements that do NOT align with the current security posture of the HPCC are “Prohibited Data” and may NOT be stored on nor conditioned/analyzed with HPCC system resources.

Prohibited Data Include:

• Controlled Unclassified Information (CUI)
• Other Data covered under the Federal Information Security Management Act (FISMA)
• Personally Identifiable Information (PII)
• Protected Health Information (PHI); Data covered under the Heath Insurance Portability and Accountability Act (HIPAA)
• Controlled-access data covered under the NIH Genomic Data Sharing (GDS) Policy, revised January 2025

Data that are subject to external security requirements that may align with the current security posture of the HPCC are considered "Sensitive Data". The requirements may be imposed by MSU policy, federal and state regulations, or contractual obligations. Users that intend to work with Sensitive Data must ensure that the HPCC is an appropriate resource given the data security requirements.

Sensitive Data Includes, but is not limited to:

• Data with security requirements set by the MSU Institutional Review Board (IRB)
• Data covered under the Federal Education Rights and Privacy Act (FERPA)
• Data covered under Third Party Agreements

If users are uncertain whether project data is to be considered "Prohibited Data" or "Sensitive Data", please schedule a consultation with MSU IT-Services Research Cyberinfrastructure prior to requesting HPCC Access for the project.

To assist users in drafting proposals that include computational resource descriptions, Information about the HPCC's Sensitive Data Policy is available to those users with MSU credentials.

MSU users may also visit https://data-storage-finder.tech.msu.edu/ for more information about data storage choices on campus (NOTE: This page is only accessible from campus or using Campus VPN).