Data and Information Classification @ Yale University
Levels of data security at Yale
Good data security is about more than confidentiality - we also want to protect our academic and business data against loss due to accident or technical problems.
At Yale we have devised a three-level system to categorize data security:
1-Lock records are available to the public or are issued to a school-wide or University-wide audience. Examples include course catalogues, bulletins, press releases, and student directory information.
1-Lock data can reside on your desktop computer, laptop computer, smartphone, or other local or portable device. Although confidentiality is not the primary concern, 1-Lock data may be very important to the continuity of University business. 1-Lock data should always be backed up using Yale's centralized and automated Backup Service.
2-Lock records are those that do not contain information in the "3-lock" category but that are not available to the public or a broad University audience. Many student records and University business records would fall into this category
2-Lock data should primarily reside on Yale's centralized file storage services, unless important and temporary circumstances warrant short-term storage on local office computers, laptops, or smartphones. 2-Lock data on local devices should always be protected by a password or local encryption, with explicit authorization from your supervisor.
3-Lock records contain information that: (1) could be misused by a criminal, (2) Yale is contractually obligated to keep confidential or that (3) most people would share only with their family, their doctor, their lawyer, or their accountant.
Examples of 3-Lock data include Social Security numbers, credit card numbers, trade secrets, medical records, tax records, grades for assignments and courses, passport numbers, Veterans Administration data, and bank account numbers.
3-Lock data should always be stored on Yale's centralized file storage services, and should never reside on a local computer, laptop, or smartphone. Furthermore, credit card data may only be stored if it is encrypted.