The Ohio State University classifies its institutional data into three categories based on the level of sensitivity and risk associated with the exposure, misuse, or alteration of that data. The data classification determines which precautions must be taken when handling the information.
Information that is intended for broad distribution or freely available to any person or organization. This information has no existing access restrictions.
Example: Course Catalog
Limited Access Data
Data available without restriction but whose integrity must be maintained.
Example: Date of Birth, Ethnicity
Data protected or regulated by law or critical to university operations including sensitive personal information such as Social Security Numbers and personal health information.
Example: Bank Account Number, Student Academic Record
Restricted Data Elements
Restricted Data is data protected or regulated by law or critical to university operations. The following data elements have been identified as "Restricted Data" in advance of the formal data classification process due to the risk associated with unauthorized disclosure of these elements:
Limiting exposure to Restricted Data
Fisher College of Business provides software and processes to help limit unintended exposure of restricted data:
Identity Finder lets users find sensitive information on their computers by searching files, e-mails, and other system areas. Identity Finder can run on desktops, servers, databases, websites, and other remote machines. After identifying confidential data, Identity Finder presents these matches to users and lets them clean the data by securely shredding, redacting, encrypting, or using a number of other remediation features.
PGP Whole Disk Encryption
PGP software provides enterprises with comprehensive, nonstop disk encryption for Microsoft and Apple Mac OS X, enabling quick, cost-effective protection for data on desktops, laptops, and removable media. The encrypted data is continuously safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.