Georgetown's current categories for classifying data are (from most to least restricted): Restricted; Private; and Public. Data Classification is governed by our Information Classification Policy and our Standards for the Classification of University Information.  A brief description of these categories, and how they map to acceptable storage and transmittal options, can be found below.  

More detailed guidance on Data Handling is available!

*
Consult with UISO
xx
Not permitted without UISO approval
      Restricted Data
Storage Public Private FERPA HIPAA/PHI* Other Restricted Data SSN PCI (credit card)
UIS Managed Storage Yes Yes Yes Yes Yes xx No
GU Box Yes Yes Yes Yes Yes xx No
Canvas/Blackboard Yes Yes Yes No Yes xx No
GU Google Apps Yes Yes Yes No No xx No
Local (C:) drive No No No No No No No
Portable media (CD, Flash drive, etc) No No No No No No No

All Data

 

Restricted

This is the most restrictive classification. Information which has the potential to expose the University to greatest risk. This data requires the highest level of protection, whether required by law, regulation, policy, agreement, or risk to the University.

Examples:

  • HIPAA, FERPA, Breach law,….
  • Identified human research data
  • SSNs
  • DPS case data

Private

Information which is highly sensitive, has the potential for significant negative impact to the University if disclosed outside the University community, or which by policy or agreement is restricted to members of that community.

Examples:

  • Donor agreements
  • Performance Evaluations
  • Rank and tenure data
  • Agreements in progress
  • Board documents

Public

Information which is generally available, may be shared without restriction, and the loss of which has poses little or no risk to the University.

Examples:

  • Academic Program Information
  • Course Schedules
  • Event Calendars

 

Data Stewards govern the use of University Information.  Should you have any questions about the use of a particular type of data, please contact your current data steward.

Box Storage

Store in Box


Public

Academic Programs

Course Schedules

Event Calendars

Private

Donor Agreements

Performance Evaluations

FERPA

Store in Departmental Box Folder


Restricted

SSN's (with approval)

PII

Health Data not covered by HIPAA

Identified Human Research Data

Restricted-PHI

PHI (HIPAA Protected Data)

PHI must be stored in Departmental Shared Folders