Any classification of data can be stored in OneDrive for Business, however it is not the appropriate storage location for institutional records.
Data classification/categorization information can be found in the Information Security Handbook, under section 7.3.
In general, storage of information must adhere to institutional policies and standards for protecting information, including physical security. The protection of information must be commensurate with the value of the information (e.g., category I requires the highest level of security, therefore no unauthorized sharing, access, or use of the information is allowed).
In regard to the exchange of information:
In regard to mobile devices:
In regard to backups:
In regard to who can store information, it is up to the information owner to make that decision, as they approve access to their information. Users must adhere to institutional policies and standards for protecting information when accessing resources and information remotely.
In summary, regardless of the technology used to store information, institutional policies and standards must be followed to ensure its protection.