Summary

Information Classification

Guidelines for selecting appropriate classification of information

 

 

 

Public

Internal

Confidential

Highly Confidential

Definition

Information which

  • may, or must, be available to the public;
  • and has been formally approved for public release.

Information which

  • is generally accessible within the University to those employees with a legitimate university purpose; and
  • must be protected against unauthorized use, access, disclosure, acquisition, modification, loss, or deletion.

 

Information which

  • requires special handling and controls specific to each work environment that limit access and use; and
  • is considered by the University’s senior management to be private and confidential; and
  • must be protected against unauthorized use, access, disclosure, acquisition, modification, loss, or deletion.

Information which

  • requires the strictest rules of handling and usage;
  • is protected and/or regulated by statutes, policies, or regulations; and
  • may also include information for which an Information Trustee has exercised his or her right to restrict access.

Examples

Course catalog

Directory

University stats.

Organization charts

University policies

Student records

Contracts

Non-disclosure agreements

Donor contact information

Social security number

Medical records

Passwords

 

 

General Rules

  • Information should be classified at the appropriate level.  Over classifying makes needed information less accessible.
  • All Information is treated as Confidential until it is officially classified.
  • Information provided via a Data Sharing Agreement cannot be shared with others unless specified in the agreement.

 

 

BYU (Internal) Request

 

 

Public

Internal

Confidential

Highly Confidential

Permission needed from …

 

Requestor’s supervisor

Information Steward

Information Steward

Data Sharing Agreement (DSA)

 

 

required

required

Data accessible to …

anyone

BYU employees*

specified in DSA

specified in DSA

 

* Active BYU employees with a legitimate university need as determined by the requester’s line supervisor.

 

External Request

 

 

Public

Internal

Confidential

Highly Confidential

Permission needed from …

 

Information Steward

Information Steward

Information Steward

Review by General Counsel

 

required

required

required

Data Sharing Agreement (DSA)

 

required

required

required

Data accessible to …

anyone

specified in DSA

specified in DSA

specified in DSA