Data Classification
There are three classifications that USU recognizes for all electronically stored data. Each classification has different requirements surrounding security, management, storage, and access privileges. Departments should carefully evaluate the appropriate data classification category for their information. Definitions and the storage regulations can be found below.
Public Data
Public data is any information that is publicly available and intended for public use. When used as intended, this information would have no adverse effect on USU's operations, assets, reputation, or obligations concerning information privacy or on any individual's privacy.
Examples:
- Campus Maps
- Course descriptions
- Student enrollment numbers
Confidential Data
Confidential institutional data is any information that is restricted to members of the USU community who have a legitimate business need for accessing such data.
Examples:
- Internal memos and email, and non-public reports, budget, plans, and financial information
- Library transactions
- Information covered by non-disclosure agreements
Restricted Data
Restricted data is information protected by statutes, regulations, US policies, or contractual language. This data may be disclosed to individuals only on a need-to-know basis because a loss of this information would result in harm to its owner or institution.
Examples:
- Social Security Numbers
- Medical records or HIPAA data
- Birth dates
- Student and prospective student information
- Export controlled information under U.S. laws
The term "sensitive data" is used to reference to both Confidential Data and Restricted Data.
View the Data Classification Quick Reference Guide.
Storage Regulations
After determining which type of data you handle, review the appropriate handling procedures in accordance with its classification as well as the proper storage requirements for each data classification.
View University Data Handling Requirements
View University Data Storage Requirements