Data Classification Guidelines
Monroe University Data Classification Guidelines
The Data Classification Chart can help you better understand regulations and policies governing Restricted and Private Data and determine where to store your files. The Data Classification Chart is not exhaustive or detailed, and regulations and services offered change over time. Also, even where a service is designated as permissible to store data, effort should be made to protect the data from compromise by using encryption where possible. Please contact the Office of the CIO if you have any questions on secure data storage or the sharing of data with colleagues within or outside the College.
Data Classification Charts
Data should be classified as Restricted when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the College or its affiliates. The highest level of security controls should be applied to Restricted data. Restricted data is any data that contains personally identifiable information (PII) concerning any individual, as well as any data that contains PII that is regulated by local, state, or Federal privacy regulations.
Y - Permissible to Store Data
N - Not Permissible to Store Data
RESTRICTED
Monroe University Provided Service | FERPA | GLBA | PII | HIPAA | PCI |
Monroe Exchange Email Account | Y | Y | Y | N | N |
Monroe Google Apps (Classrooms, etc.) | Y | N | Y | N | N |
Monroe MS One Drive for Business | Y | N | Y | N | N |
Monroe MS Office 365 | Y | N | Y | N | N |
Monroe Share Folders | Y | Y | Y | N | N |
Blackboard | Y | N | Y | N | N |
MTS (Monroe Tracking System) | Y | N | Y | N | N |
Slate CRM | Y | N | Y | N | N |
Monroe Desktop, Laptop, Tablet | Y | Y | Y | N | N |
Monroe Smartphone | N | N | Y | N | N |
Device located on PCI compliant network | Y | N | Y | N | Y |
Non Monroe University Provided Service | FERPA | GLBA | PII | HIPAA | PCI |
Personal Desktop, Laptop, Tablet, Smartphone | N | N | N | N | N |
Personal use Email Services (Google, Hotmail, etc.) | N | N | N | N | N |
Personal Cloud Storage (Dropbox, Box, Google Drive, etc.) | N | N | N | N | N |
Image Storage Services (Instagram, Flickr, etc.) | N | N | N | N | N |
Social Media Services (Facebook, Twitter, etc.) | N | N | N | N | N |
Third Party Survey Services not contracted by Monroe University | N | N | N | N | N |
Private Data
Data should be classified as Private when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the College or its affiliates. By default, all Institutional Data that is not explicitly classified as Restricted or Public data should be treated as Private data. A reasonable level of security controls should be applied to Private data. Examples of Private data include budgets, contract negotiations, and compensation.
PRIVATE
Monroe University Provided Service | Permissible to Store Data (Y/N) |
Monroe Exchange Email Account | Y |
Monroe Google Apps (Classrooms, etc.) | N |
Monroe MS One Drive for Business | N |
Monroe MS Office 365 | Y |
Monroe Share Folders | Y |
Blackboard | Y |
MTS (Monroe Tracking System) | Y |
Slate CRM | Y |
Monroe Desktop, Laptop, Tablet | Y |
Monroe Smartphone | N |
Device located on PCI compliant network | Y |
Non Monroe University Provided Service | Permissible to Store Data (Y/N) |
Personal Desktop, Laptop, Tablet, Smartphone | N |
Personal use Email Services (Google, Hotmail, etc.) | N |
Personal Cloud Storage (Dropbox, Box, Google Drive, etc.) | N |
Image Storage Services (Instagram, Flickr, etc.) | N |
Social Media Services (Facebook, Twitter, etc.) | N |
Third Party Survey Services not contracted by Monroe University | N |
Public Data
PUBLIC
Non Monroe University Provided Service | Permissible to Store Data (Y/N) |
Personal Desktop, Laptop, Tablet, Smartphone | Y |
Personal use Email Services (Google, Hotmail, etc.) | Y |
Personal Cloud Storage (Dropbox, Box, Google Drive, etc.) | Y |
Image Storage Services (Instagram, Flickr, etc.) | Y |
Social Media Services (Facebook, Twitter, etc.) | Y |
Third Party Survey Services not contracted by Monroe University | Y |
Default classification of data
Any data that contains PII concerning any individual or that is covered by local, state, or Federal regulations is classified as Restricted data by default. All other data is classified as Private data by default.