Secure Computing

Data and Information Classification @ Yale University

Levels of data security at Yale 

Good data security is about more than confidentiality - we also want to protect our academic and business data against loss due to accident or technical problems.

At Yale we have devised a three-level system to categorize data security:

1-Lock Data

1-Lock1-Lock records are available to the public or are issued to a school-wide or University-wide audience. Examples include course catalogues, bulletins, press releases, and student directory information.

1-Lock data can reside on your desktop computer, laptop computer, smartphone, or other local or portable device. Although confidentiality is not the primary concern, 1-Lock data may be very important to the continuity of University business. 1-Lock data should always be backed up using Yale's centralized and automated Backup Service.

2-Lock Data

2-Lock2-Lock records are those that do not contain information in the "3-lock" category but that are not available to the public or a broad University audience. Many student records and University business records would fall into this category

2-Lock data should primarily reside on Yale's centralized file storage services, unless important and temporary circumstances warrant short-term storage on local office computers, laptops, or smartphones. 2-Lock data on local devices should always be protected by a password or local encryption, with explicit authorization from your supervisor.

3-Lock Data

3-Lock3-Lock records contain information that: (1) could be misused by a criminal, (2) Yale is contractually obligated to keep confidential or that (3) most people would share only with their family, their doctor, their lawyer, or their accountant.

Examples of 3-Lock data include Social Security numbers, credit card numbers, trade secrets, medical records, tax records, grades for assignments and courses, passport numbers, Veterans Administration data, and bank account numbers. 

3-Lock data should always be stored on Yale's centralized file storage services, and should never reside on a local computer, laptop, or smartphone. Furthermore, credit card data may only be stored if it is encrypted.