Georgetown’s current categories for classifying data are (from most to least restricted): Restricted; Private; and Public. Data Classification is governed by our Information Classification Policy and our Standards for the Classification of University Information. A brief description of these categories, and how they map to acceptable storage and transmittal options, can be found below.
More detailed guidance on Data Handling is available
|Storage||Public||Private||FERPA||HIPAA/PHI*||Other Restricted Data||SSN||PCI (credit card)|
|UIS Managed Storage||Yes||Yes||Yes||Yes||Yes||xx||No|
|GU Google Apps||Yes||Yes||Yes||No||No||xx||No|
|Local (C:) drive||No||No||No||No||No||No||No|
|Portable media (CD, Flash drive, etc)||No||No||No||No||No||No||No|
This is the most restrictive classification. Information which has the potential to expose the University to greatest risk. This data requires the highest level of protection, whether required by law, regulation, policy, agreement, or risk to the University.
- HIPAA, FERPA, Breach law,….
- Identified human research data
- DPS case data
Information which is highly sensitive, has the potential for significant negative impact to the University if disclosed outside the University community, or which by policy or agreement is restricted to members of that community.
- Donor agreements
- Performance Evaluations
- Rank and tenure data
- Agreements in progress
- Board documents
Information which is generally available, may be shared without restriction, and the loss of which has poses little or no risk to the University.
- Academic Program Information
- Course Schedules
- Event Calendars
Data Stewards govern the use of University Information. Should you have any questions about the use of a particular type of data, please contact your current data steward.
Store in Box
Store in Departmental Box Folder
SSN’s (with approval)
Health Data not covered by HIPAA
Identified Human Research Data
PHI (HIPAA Protected Data)
PHI must be stored in Departmental Shared Folders