Best Practice: Data Classification

Statement of Best Practice

  • Classify data according to its use to ensure privacy and confidentiality of the data under our stewardship

Contact

  • CISO

Definitions 

Restricted

Data that, if compromised or accessed without authorization, could lead to criminal charges, significant legal penalties, and/or irreparable harm to the University. Examples include but are not limited to:

  • Credit Card Information (PCI-DSS)
  • Electronic Protected Health Information (ePHI / HIPAA)
  • Personally Identifiable Information (PII)
  • Export Controlled Research (ITAR, EAR)
  • Human Subject Research
  • Student Education Records (FERPA), Financial Aid

 

Confidential  

Data that requires protection of its confidentiality and specific authorization for access, but would not result in significant legal penalties or harm to the University should it become compromised. Examples include but are not limited to:

  • Intellectual Property (patent information)
  • Sensitive Institutional Information
  • Research Data (CUI, animal research)
  • Video Recordings
  • Financial, Account, Payroll Information
  • Attorney Client Privilege (Legal)
  • Building access systems
  • Personnel Records
  • IT Infrastructure / Information Security Information

 

Internal only

Data that is only accessible internally to those granted access, but is not otherwise regulated or confidential. Examples include but are not limited to:   

  • Internal Memos
  • Documented Processes and Procedures
  • Exams (questions and answers) / Course materials
  • Business Plans

 

Public    

Data that is freely accessible to the public. Examples include but are not limited to:

  • Directory Information
  • Public Information

 

Details

Article ID: 146800
Created: Fri 9/23/22 4:21 PM
Modified: Thu 10/6/22 10:27 AM
Supported Office or Community: University Community of Students, Staff, and Faculty