Data security & classification: information for employees

All employees of the university are responsible for safeguarding the privacy and security of data stored on their individual computers and on any shared or removable media. They are also responsible for safeguarding all information to which they have been given access via applications, systems, reports, etc.

Every university employee has an obligation to abide by the standards of acceptable and ethical use included in the university's Data Computing Standards.

  • Use only those information technology and computing resources for which you are authorized.
  • Implement security in your daily interactions with people, data, systems, and facilities.
  • Be conscious of the environment around you and notify the appropriate security/system administrators if you notice any security vulnerability.
  • Use computing and information technology resources only for their intended purposes.
  • Safeguard the integrity of university data by taking reasonable steps to protect it from theft, destruction, unauthorized access, or any form of compromise resulting from negligent acts or omissions.
  • Create, access, use, and dispose of university data based on the data classification.
  • Back-up data, computer systems, and applications software to allow for recovery if needed.
  • Use antivirus software on any computer system which accesses university data or computing systems/resources.
  • Obtain authorization from the appropriate data custodian for the processing of university data or conducting university business on home computer systems.
  • Perform remote/distributed access to administrative or research computer systems via a virtual private network (VPN).
  • Notify the appropriate system, network, and/or security administrator(s) of any suspected or actual security violations/incidents.
  • Be aware that the university disclaims any loss or damage to software or data that results from its efforts to enforce its data computing standards.


Violation of university data and computing standards and guidelines may result in:

  • the loss of your computer account
  • disconnection from networks
  • denial of or limited access to, university data, applications, and/or computer systems
Individuals may be subject to reprimand, suspension, dismissal/termination, or other disciplinary action, based on the offense, and may be charged with criminal offenses or be subject to civil action for computer abuses, or violation of law within the confines of law.

Data classification

There are three classifications for university data.


Includes data:

  • whose loss, corruption, or unauthorized disclosure would be a violation of Federal or state laws/regulations or university contracts (i.e., protected data)
  • whose loss, corruption or unauthorized disclosure may impair the academic, research, or business functions of the university, or result in any business, financial, or legal lost
  • which is personally identifiable
  • which involves issues of personal privacy

Operational Use Only

Includes data:

  • whose loss, corruption, or unauthorized disclosure would not necessarily result in any business, financial or legal loss, but which the university has determined is critical to its business and requires a higher degree of handling than unclassified data.
  • which is available to data custodian approved users only


Includes data:

  • which does not fall into any of the data classifications noted above 
  • which may generally be made available without specific data custodian approval


More information

Related information is available on these government sites