Data Classification_old

Georgetown’s current categories for classifying data are (from most to least restricted): Restricted; Private; and Public. Data Classification is governed by our Information Classification Policy and our Standards for the Classification of University Information.  A brief description of these categories, and how they map to acceptable storage and transmittal options, can be found below.  

More detailed guidance on Data Handling is available


Consult with UISO
Not permitted without UISO approval
      Restricted Data
Storage Public Private FERPA HIPAA/PHI* Other Restricted Data SSN PCI (credit card)
UIS Managed Storage Yes Yes Yes Yes Yes xx No
GU Box Yes Yes Yes Yes Yes xx No
Canvas/Blackboard Yes Yes Yes No Yes xx No
GU Google Apps Yes Yes Yes No No xx No
Local (C:) drive No No No No No No No
Portable media (CD, Flash drive, etc) No No No No No No No
All Data


This is the most restrictive classification. Information which has the potential to expose the University to greatest risk. This data requires the highest level of protection, whether required by law, regulation, policy, agreement, or risk to the University.

  • HIPAA, FERPA, Breach law,….
  • Identified human research data
  • SSNs
  • DPS case data


Information which is highly sensitive, has the potential for significant negative impact to the University if disclosed outside the University community, or which by policy or agreement is restricted to members of that community.

  • Donor agreements
  • Performance Evaluations
  • Rank and tenure data
  • Agreements in progress
  • Board documents


Information which is generally available, may be shared without restriction, and the loss of which has poses little or no risk to the University.

  • Academic Program Information
  • Course Schedules
  • Event Calendars

Data Stewards govern the use of University Information.  Should you have any questions about the use of a particular type of data, please contact your current data steward.

Box Storage

Store in Box


Academic Programs
Course Schedules
Event Calendars


Donor Agreements
Performance Evaluations

Store in Departmental Box Folder


SSN’s (with approval)
Health Data not covered by HIPAA
Identified Human Research Data


PHI (HIPAA Protected Data)
PHI must be stored in Departmental Shared Folders