GitHub Shared Service - End User Service Agreement
End User Agreement for University GitHub Shared Service
As a user of the University GitHub Enterprise License, you agree to the following:
- GitHub CANNOT be used to store banking information, Social Security Numbers (SSNs), passwords, API keys, encryption keys, or other data classified as High Risk by the University’s Data Classification standard: https://cybersecurity.uillinois.edu/data_classification
- GitHub CANNOT be used to store Personal Health Information (PHI) and HIPAA-related data.
- The storage of FERPA-related data is not permitted at this time.
- Work created as part of the user's University duties must be stored in University organizations and repositories, and not the user's personal organizations and repositories.
- Non-University related work should be stored in non-university organizations and repositories. Any data that resides in a University GitHub organization is controlled and may be owned by the University. See "The General Rules Concerning University Organization and Procedure" for more details on intellectual property and copyrights rules.
- When creating public repositories, beware that they give anonymous Internet-wide access. The creator must review and follow these public repository guidelines:
- It is critical that GitHub public repositories are NOT used to store High Risk, Sensitive, or Internal information by the University’s Data Classification standard: https://cybersecurity.uillinois.edu/data_classification
- High risk information should not be in public repositories. For example:
- Banking information
- Social Security Numbers (SSNs)
- Passwords, API keys, encryption keys, and other authentication and authorization codes
- Sensitive information intended only for internal (University) consumption should not be in public repositories. For example:
- Student Records (FERPA)
- Employee personal information such as home address, email address, telephone
- Information covered by a Non-Disclosure Agreement (NDA)
- Network and System Diagrams and Configuration Documents
- Internal information intended only for internal (University) consumption should not be in public repositories. For example:
- Unpublished research data
- Intellectual property
- Review the "University of Illinois Policy for Publishing on the Internet" guide: https://www.vpaa.uillinois.edu/resources/policy_for_publishing_on_the_internet