Body
1. Data Classification and Storage Locations
- Restricted/Critical Data: Data whose unauthorized disclosure, alteration, or destruction could cause significant harm to the college or individuals.
- Examples:
- Personally Identifiable Information (PII)
- FERPA Data
- HIPAA Data
- PCI DSS Data
- Storage Locations: Secure drives such as and H:\\ and I:\\ with encryption and access controls.
- Sensitive Data: Data that requires a higher level of protection due to its sensitivity but is not classified as Restricted/Critical.
- Examples:
- Non-Confidential Data that still requires some level of protection
- Storage Locations: Can be stored on C:\\, H:\\, I:\\, OneDrive, and SharePoint with appropriate access controls.
- Public Data: Data intended for public use and does not require the same level of protection as Restricted/Critical or Sensitive data.
- Examples:
- General administrative data
- Public announcements
- Course catalogs
- Storage Locations: Can be stored on C:\\, H:\\, I:\\, OneDrive, and SharePoint.
2. Best Practices for Protecting Data
- Restricted/Critical Data:
- Encrypt data at rest and in transit.
- Implement strict access controls and regular audits.
- Store only on secure, approved drives and systems.
- Sensitive Data:
- Encrypt data where possible.
- Implement role-based access controls.
- Regularly review and update access permissions.
- Public Data:
- Ensure data is accessible only to authorized personnel.
- Use secure storage solutions with appropriate access controls.
3. General Recommendations
- Use Departmental Network Shares: Store work-related sensitive data on departmental network shares.
- Work with OIT: Secure data systems appropriately with the help of OIT.