Main Nav

We have a four level data classification structure at the University of Rochester:  Legally Restricted, Confidential, Internal Use Only, Public. 

 

I know many university’s have a data classification policy and within that policy examples are highlighted for the reader.  I was wondering if anyone has taken their data classification process down to the next level and created a data map / schema to assist the end users and to try remove the shades of gray when trying to classify department specific information ?  We continually are question on “what is confidential” and are trying to more clearly define this for our end users. 

 

I hope you all have a wonderful New Year !

 

Thank you,

 

Julie Myers 
Chief Information Security Officer

University of  Rochester - University IT

julie.myers@rochester.edu  

p: 585.273.1804  c: 585.208.0939  

P Think twice before you print

 CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you.

 

Comments

Can I assume that the University of Rochester is governed by New York FOIA?  How does that affect the classifications Confidential and Internal Use Only? While we continue to struggle with codification of data classification, the current suggested structure is Confidential by Legal Definition, Restricted (but available via WV FOIA procedures), and Public.  Departmental specific information is still WVU information and therefore subject to the enterprise classifications. Sub-classifications by department implies separate laws governing those divisions which is not the case.  In a public agency it is well argued that only legally restricted information such as PII is truly confidential.
 
But that's only my opinion. I've been wrong today a dozen times and it isn't yet lunch time.
 
Bob
 


 
 
Robert E. Meyers,  Ms.Ed.
Educational Program Manager
  Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers@mail.wvu.edu


>>> On Friday, December 30, 2011 at 8:54 AM, "Myers, Julie" <julie.myers@ROCHESTER.EDU> wrote:

We have a four level data classification structure at the University of Rochester:  Legally Restricted, Confidential, Internal Use Only, Public. 

 

I know many university's have a data classification policy and within that policy examples are highlighted for the reader.  I was wondering if anyone has taken their data classification process down to the next level and created a data map / schema to assist the end users and to try remove the shades of gray when trying to classify department specific information ?  We continually are question on "what is confidential" and are trying to more clearly define this for our end users. 

 

I hope you all have a wonderful New Year !

 

Thank you,

 

Julie Myers 
Chief Information Security Officer

University of  Rochester - University IT

julie.myers@rochester.edu  

p: 585.273.1804  c: 585.208.0939  

P Think twice before you print

 CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you.

 

Message from valdis.kletnieks@vt.edu

On Fri, 30 Dec 2011 08:54:45 EST, "Myers, Julie" said: > information ? We continually are question on "what is confidential" and > are trying to more clearly define this for our end users. > CONFIDENTIALITY: This email (including any attachments) may contain > confidential, proprietary and privileged information, and unauthorized > disclosure or use is prohibited. If you received this email in error, > please notify the sender and delete this email from your system. Thank > you. Data Classification: You're Doing It Wrong. :)


Sent from my iPhone

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.