Main Nav

We have a four level data classification structure at the University of Rochester:  Legally Restricted, Confidential, Internal Use Only, Public. 

 

I know many university’s have a data classification policy and within that policy examples are highlighted for the reader.  I was wondering if anyone has taken their data classification process down to the next level and created a data map / schema to assist the end users and to try remove the shades of gray when trying to classify department specific information ?  We continually are question on “what is confidential” and are trying to more clearly define this for our end users. 

 

I hope you all have a wonderful New Year !

 

Thank you,

 

Julie Myers 
Chief Information Security Officer

University of  Rochester - University IT

julie.myers@rochester.edu  

p: 585.273.1804  c: 585.208.0939  

P Think twice before you print

 CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you.

 

Comments

Can I assume that the University of Rochester is governed by New York FOIA?  How does that affect the classifications Confidential and Internal Use Only? While we continue to struggle with codification of data classification, the current suggested structure is Confidential by Legal Definition, Restricted (but available via WV FOIA procedures), and Public.  Departmental specific information is still WVU information and therefore subject to the enterprise classifications. Sub-classifications by department implies separate laws governing those divisions which is not the case.  In a public agency it is well argued that only legally restricted information such as PII is truly confidential.
 
But that's only my opinion. I've been wrong today a dozen times and it isn't yet lunch time.
 
Bob
 


 
 
Robert E. Meyers,  Ms.Ed.
Educational Program Manager
  Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers@mail.wvu.edu


>>> On Friday, December 30, 2011 at 8:54 AM, "Myers, Julie" <julie.myers@ROCHESTER.EDU> wrote:

We have a four level data classification structure at the University of Rochester:  Legally Restricted, Confidential, Internal Use Only, Public. 

 

I know many university's have a data classification policy and within that policy examples are highlighted for the reader.  I was wondering if anyone has taken their data classification process down to the next level and created a data map / schema to assist the end users and to try remove the shades of gray when trying to classify department specific information ?  We continually are question on "what is confidential" and are trying to more clearly define this for our end users. 

 

I hope you all have a wonderful New Year !

 

Thank you,

 

Julie Myers 
Chief Information Security Officer

University of  Rochester - University IT

julie.myers@rochester.edu  

p: 585.273.1804  c: 585.208.0939  

P Think twice before you print

 CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you.

 

Message from valdis.kletnieks@vt.edu

On Fri, 30 Dec 2011 08:54:45 EST, "Myers, Julie" said: > information ? We continually are question on "what is confidential" and > are trying to more clearly define this for our end users. > CONFIDENTIALITY: This email (including any attachments) may contain > confidential, proprietary and privileged information, and unauthorized > disclosure or use is prohibited. If you received this email in error, > please notify the sender and delete this email from your system. Thank > you. Data Classification: You're Doing It Wrong. :)


Sent from my iPhone