Penn State University | Information Privacy and Security

home | phase ii | data classification scheme
Data Classification Scheme
In support of Phase II and University Policy, AD23 a Data Classification Scheme was developed. There are two primary classifications of systems and networks: public and non-public. In addition, there are three primary classifications of data: public, internal/controlled and restricted.

Public information is intended for distribution to the general public, both internal and external to the University. Release of the data either intentional or inadvertent would have no or minimal damage to the institution in any dimension.

Internal/Controlled information is intended for distribution within Penn State only, generally to defined subsets of the user population. Release of the data has the potential to create moderate damage to the institution. Such damage may be legal, academic (loss or alteration of intellectual property), financial, or intangible (loss of reputation).

Restricted information is data which the University has a legal, regulatory or contractual obligation to protect and for which access must be strictly and individually controlled and logged. The release of such data has the potential to here again create major damage to the institution. Examples of data in this category include Social Security Numbers and Personally Identifiable Health information.

The Data Classification is still under review by University committees and once approved, will be available to the Penn State Community.

Stay tuned!


...home PHASE II Scanning FAQs Fact Sheet Best Practices Supporting Tools General FAQs PSU Policies Links of Interest Educational Offerings	home \| phase ii \| data classification scheme Data Classification Scheme In support of Phase II and University Policy, AD23 a Data Classification Scheme was developed. There are two primary classifications of systems and networks: public and non-public. In addition, there are three primary classifications of data: public, internal/controlled and restricted. Public information is intended for distribution to the general public, both internal and external to the University. Release of the data either intentional or inadvertent would have no or minimal damage to the institution in any dimension. Internal/Controlled information is intended for distribution within Penn State only, generally to defined subsets of the user population. Release of the data has the potential to create moderate damage to the institution. Such damage may be legal, academic (loss or alteration of intellectual property), financial, or intangible (loss of reputation). Restricted information is data which the University has a legal, regulatory or contractual obligation to protect and for which access must be strictly and individually controlled and logged. The release of such data has the potential to here again create major damage to the institution. Examples of data in this category include Social Security Numbers and Personally Identifiable Health information. The Data Classification is still under review by University committees and once approved, will be available to the Penn State Community. Stay tuned!
Privacy and Legal Statements \| Copyright 2007 The Pennsylvania State University \| Contact Us