Specifically, from the documentation that I can find (and have seen for quite a while), the MSU policy is that anything that's considered confidential data should not be stored on cloud storage.  Among the many examples of what's considered confidential data, the one that always stands out to me based on the nature of what we do in our department is "Unpublished research data".  As a result, we've always been very careful to stress to our users that they shouldn't be using it, and specifically not for unpublished research data (which invariably is what they want to use it for anyways).  Whether they pay attention to us after that is always of course another debate.

However, this person says the recommendation they were getting from another department was that they should use google drive to store their research data.  And supposedly they were told that MSU's agreement with google allows for stuff including FERPA and HIPAA protected data to be on google drive.  (In this case, I don't think their data actually falls under either of those anyways.)  From what I can find, there is reference to google apps being ok for FERPA stuff, but only specifically MSU's educational records.  The googleapps.msu.edu page specifically then says to avoid any confidential data than educational records.

I'm not trying to throw another department's IT staff under the bus, but do feel that some clarification would be useful.  Among other things, I'm getting told this third party from a user, so I'm entirely willing to believe that there's something being lost in translation there.  

(I've also always kinda felt that it's better to err on the side of caution here.  If something did happen and things got breached, faculty with tenure tend to be pretty hard to fire because of something like that.  The IT staff that let them get away with doing this in the first place is far more easily replaced :). Call it a healthy dose of paranoia.)

Gary