Main Nav

I’m looking for some feedback on how other universities may have amended their data classification policies to include university generated audio and video content in the context of what types of content would cause a video to be classified as confidential or protected, or maybe just sensitive.  We are in the process of replacing our video repository and the question was brought to me.  Since Information Security owns most of the policy creation here, I’m struggling with how to word the thing.


I apologize for the cross posting.





James Pardonek, CISSP, CEH

Information Security Officer
Loyola University Chicago 
1032 W. Sheridan Road | Chicago, IL  60660

: (773) 508-6086


********** Visit the EDUCAUSE Policy website at


Here at the University of Missouri, we haven’t made any distinction within our data classification system specifically for audio and video.  We look at it just like any other data and classify it based on content.  If it includes identifiable students, for example, we could classify it at the same level as any other FERPA-protected data.  If it had patient-identifiable medical images, we would classify it at the same level as any other HIPAA-protected data.


I hope this is useful information for you!


Michelle Wisdom, JD

UMHS Information Security Officer



I agree with the below comment as there should not be any need to amend existing policies because in the case of FERPA it is very clear that an image or video recording would identify a student.  Same thing for HIPAA data. 


My two cents.


Carlos S. Lobato, CISSP, CISA, CIA

IT Compliance Officer


New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM  88003


Phone (575) 646-5902

Fax (575) 646-5278