Information Classification and Handling

Do you know how important your data is? Have you thought about where it is stored? What would you do if your data was lost?

Data is one of the University’s most valuable assets. Because the majority of our employees rely on this information to conduct their day-to-day operations, we must learn to properly handle and secure it.

As members of the University community, we have the responsibility to safeguard the information we process, which means that we need to familiarize ourselves with how data gets classified, stored and shared.

How Does Data Get Lost?

Laptop and other technologies can get stolen by unauthorized visitors
Computers or other technical equipment can get hacked through spear phishing emails

What is the Impact of Data Loss?

The repercussions vary but could include loss of University reputation, loss of funding for the University, fines, long-term loss of critical campus or departmental service, and identity theft.

Manage Your Data

We hope the information below will help you manage your data in the most secure way possible. You may select the links below to jump to the corresponding section:

***

Restricted Data

red-secure

Restricted data is the most important or sensitive type of information. This information is regulated by law, such as HIPAA, and/or governed by other federal, state or local law, or University policy.

Examples: Social security numbers, driver license numbers, passwords, bank account numbers and credit card information.

Storage: Restricted information in electronic records should be secured with strong encryption when stored outside the central University administrative database. Restricted information in all forms of physical records must either be security locked or actively supervised in a private environment at all times.

Storage Option: RoyalDrive

Transmission: If you need to send restricted information through an email, please follow the following steps:
1. Save the information in RoyalDrive and set a password for it
2. Send the intended recipient an email containing the RoyalDrive ticket
4. Call the recipient and relay the password information to them

Confidential Data

yellow-secure

Confidential information, while not being overtly damaging to the user, can be potentially embarrassing to the University. It may contain records or information on events or activities that can be misinterpreted by people unfamiliar with those activities.

Examples: Grades, class lists, financial aid information, donor records, tuition bills, employee performance reviews, disability claims and department budget information.

Storage: Confidential information shall be stored in physical or electronic environments where access is limited to only those who need to conduct University business.

Storage Options: RoyalDrive and OneDrive for Business

Transmission: Confidential information may be transmitted over the University or external networks as required, but only with those who need to use the information.

Public Use Data

blue-secure

Public use information can be released without much concern for security.

Examples: Campus maps, event and class schedules, press releases and athletic scores and schedules.

Campus Resources

If you have any questions regarding data classification, handling and storage, contact the Information Security Office at 570-941-4226 or email mailto:infosec@scranton.edu.