Data and Information Classification @ Yale University
Levels of data security at Yale
Good data security is about more than confidentiality - we also want to protect our academic and business data against loss due to accident or technical problems.
At Yale we have devised a three-level system to categorize data security:
1-Lock records are available to the public or are issued to a school-wide or University-wide audience. Examples include course catalogues, bulletins, press releases, and student directory information.
1-Lock data can reside on your desktop computer, laptop computer, smartphone, or other local or portable device. Although confidentiality is not the primary concern, 1-Lock data may be very important to the continuity of University business. 1-Lock data should always be backed up using Yale's centralized and automated Backup Service.
2-Lock records are those that do not contain information in the "3-lock" category but that are not available to the public or a broad University audience. Many student records and University business records would fall into this category
2-Lock data should primarily reside on Yale's centralized file storage services, unless important and temporary circumstances warrant short-term storage on local office computers, laptops, or smartphones. 2-Lock data on local devices should always be protected by a password or local encryption, with explicit authorization from your supervisor.
3-Lock records contain information that: (1) could be misused by a criminal, (2) Yale is contractually obligated to keep confidential or that (3) most people would share only with their family, their doctor, their lawyer, or their accountant.
Examples of 3-Lock data include Social Security numbers, credit card numbers, trade secrets, medical records, tax records, grades for assignments and courses, passport numbers, Veterans Administration data, and bank account numbers.
3-Lock data should always be stored on Yale's centralized file storage services, and should never reside on a local computer, laptop, or smartphone. Furthermore, credit card data may only be stored if it is encrypted.
Identity Finder has been preconfigured to scan for credit card numbers, bank accounts, and social security numbers.