Data Classification

The purpose of this standard is to define a framework for assessing data sensitivity, measured by the adverse business impact a breach of the data would have upon the college.  The classification will also communicate to employees the sensitivity of the information so that it is properly handled.  An email should never be used to transmit sensitive data unless the contents of the email are encrypted.

NOTE: If you are responsible for handling sensitive data, it is recommended you use the college’s Secure Share Service to transmit the information to any authorized internal or external party.

Standard

There are three classification categories that shall be used to classify data and information resources.  These classifications will be based on the impact of losing the confidentiality, integrity, or availability of this information.  This impact can affect the financial, reputational, legal, or safety of individuals.

  • Confidential Classification Category (High Impact): This category shall be applied when the protection is required by law or there is a potential for an adverse impact on College operations and assets or individuals.
  • Restricted Classification Category (Moderate Impact): This category shall be applied on data or information resources not covered under High Impact, but where there is still a responsibility to protect based on an individual’s right to opt-out of information that needs to be restricted until requested through an official process.
  • Public Classification Category (Low Impact): This category includes all information that is not covered under the High or Moderate Impact.  The protection of the information is at the discretion of the owner or custodian.

For more information, reference the college’s Data Classification Standard.  For additional guidance, also reference the Data Classification Guidelines.  For further assistance in classifying and handling college data, please contact our office at 956-872-2335.