Another Sample – Data Classification
March 4, 2020 | Sample
Reasons for DLP
- Assessing where your organization’s confidential and sensitive data is being stored and who is accessing it
- Mitigating liability, negative exposure, fines and lost revenue
- Maintaining compliance with an increasingly mobile workforce
- Cloud deployment sanitization
- Compliance: HIPAA, GLBA, FERPA, GDPR, PCI
| Data Classification | Institutional Risk | Description | Examples |
| --- | --- | --- | --- |
| Level 1 – Restricted Data | High | Institutional data that could seriously or adversely impact the organization and/or could have consequences for our responsibility for safety and education if accessed by unauthorized individuals. This institutional data is considered high risk because of compliance, reputation, and/or confidentiality/privacy concerns. This data should have the highest level of security controls applied. | PII (Social Security Number-SSN, Driver’s License Number); Bank/Financial Account Information; Credit Card Information (PCI); Student Protected Data (FERPA); Health Protected Data (HIPAA) |
| Level 2 – Internal Data | Medium | Institutional data that should be protected from general access and/or restricted to protected groups or individuals. A reasonable level of security controls should be applied. | Non-Banner Information stored in and/or accessed via portal; Institutional data not publicly available and not classified as restricted. |
| Level 3 – Public Data | None | All public institutional data. While little or no controls are required to protect this data, some level of control should be applied to prevent the unauthorized modification or destruction of the data. | Generally accessible institutional data, such as information accessible on SharePoint that does not require authentication to access. |