447AD8C6-EBA5-100C-B4D9FE2331C21107
447C03D5-BAD1-1E2D-E96DD35C2406C196

Data Classification


Quick Reference

Purpose

Classification of data is a critical element of any mature information security program and fundamental to protecting Hamilton’s information assets.  This Quick Reference has been developed to assist faculty, staff and students  in identifying appropriate ways to use and store institutional information.  Information assets are classified according to the Data Classification Policy  and Procedures into one of four confidentiality levels:  High, Moderate, Low, or Prohibited.

Information assets are assigned a confidentiality level based on the appropriate audience for the information. If the information has been previously classified by regulatory, legal, contractual, or company directive, then that classification will take precedence. The confidentiality level then guides the selection of protective measures to secure the information including where the information can be stored.  In general, information should only be shared with people who have a legitimate business “need to know.”

Common Data Assets

The following COMMON DATA ASSETS chart lists the most common data elements used at Hamilton and their classification based on the “confidentiality” criteria. This chart is provided for reference purposes only and is not intended to supersede the Data Classification Policy or Procedure.

Where can common data be stored?
DATA TYPE LIST

Common Usage

The following chart lists the most common places where data assets may be stored at Hamilton. The chart is divided into two sections, Systems and Applications (the software systems currently in use at Hamilton) and Devices and Media (the hardware in use at Hamilton).  The most common question that members of the Hamilton community have is what systems and hardware can I use to manipulate and store information that is classified as HIGH or MEDIUM. This chart is provided for reference purposes only and is not intended to supersede the Data Classification Policy or Procedure.

What can be stored in a system or device?
SYSTEMS AND DEVICE LIST

 

Some common examples

Faculty: Faculty commonly work with data about students that is protected by FERPA and is classified as HIGH.  This includes grades, transcripts, advising records and other information that must be protected.  Work with this data should be on College-provided computers that are encrypted.  This information can be stored in Google docs if two-factor authentication is used to protect the user accounts. If this information is printed the print documents should be stored in locked file cabinets when not in use.  When paper information is no longer needed it should be shredded, not thrown in garbage cans. 

Staff: Staff in college offices, as part of their daily work,  have access to information classified as HIGH or MEDIUM, including, for example,  social security numbers, credit card numbers, bank account numbers. Work with this data should be on College-provided computers that are encrypted.  This information can be stored in Google docs if two-factor authentication is used to protect the user accounts. If this information is printed the print documents should be stored in locked file cabinets when not in use.  When paper information is no longer needed it should be shredded, not thrown in garbage cans. 

Students: Students working for college offices may have access to information classified as HIGH or MEDIUM, including, for example,  social security numbers, credit card numbers, bank account numbers. Work with this data should be on College-provided computers that are encrypted. They should be trained by their immediate supervisor as to appropriate ways to handle this data.  This data should not be shared with anyone other than people approved by their supervisor.

DATA TYPES SYSTEMS AND DEVICES

Contact Information


Jerry Tylutki

Information Security Officer
315-859-4289 jtylutki@hamilton.edu
Back to Top