UCO Data Classification Guide

All UCO Faculty, staff, students and contractors are responsible for protecting the university data they access or use within the scope of their employment and must comply with the UCO Information Security Policy.  The policy applies to all devices used to access university data including university owned and managed computers as well as personal devices (tablets, Smartphones, thumb drives). 

It is your responsibility to know the security classification for the data you are authorized to use, the appropriate places to store the data, how to securely dispose of the data, and how to report a breach or compromise of university data. 

The objective of this guide is to assist you in classifying the data you use and determining the appropriate storage options.   

Data Classification:

Confidential information can only be shared on a “need to know” basis with a limited number of individuals who have been identified by the appropriate Information Owner/designee or by the Information Security Governance Board. Confidential information includes information that is protected under government, Regents, or university regulation. Controlled use. (High Risk)

Internal information can be shared with designated members of the University community. Sharing such information with individuals outside of the University community requires authorization by the appropriate Information Owner/designee. (Moderate Risk)

Public information   can be freely shared with individuals on or off campus without any further authorization by the appropriate Information Owner/designee. (Low Risk)

data types infographic

Classification of Commonly Used UCO Data:

The following table identifies the security classification for data commonly used at UCO.  This list is not comprehensive and is meant to serve only as an example.   It is your responsibility as the user of data to know its classification and ensure that the correct storage and sharing procedures are followed. 

Table: Data Type, Classification and Designated Storage Examples

Data Type

Confidential

Internal

Public

May be stored in…

OnBase, UCO Fileshares, UCO Designated File Share/Collaboration, Blackboard Transact, Banner, D2L, Qualtrics, People Admin, Maxient, Blackboard Analytics, UCO OneDrive*

* Social Security Numbers should NOT be stored in OneDrive

Wiki, Email, Portal, Video from Surveillance, Basecamp

Plus confidential storage options.

UCO – owned Desktop Computers, Web, Mobile Devices, Crash Plan, thumb drives, Non-UCO affiliated Dropbox accounts*, Non-UCO OneDrive accounts*, Non-UCO affiliated Google Drive accounts*, etc.

Plus confidential or internal storage options.

Banner ID

x

Student email address and communications

x

x

Student Grades

x

Student Ethnicity

x

Student Gender

x

Student and Staff Social Security Numbers

x

Date and Place of Birth

x

Credit Card

Credit Card information cannot be stored on UCO systems.

Bank Account Information

Bank Account information can be stored in UCO approved payroll system only.

Driver’s License Numbers

x

Compiled student data without identifiers

x

x

Text for Department Website

x

x

x

Conference Presentation

x

x

x

Department Report/Presentation

x

x

*A non-UCO affiliated account refers to any account that is established using an email other than an email address ending in "@uco.edu".

Common Examples of Effective Data Use and Storage

I have downloaded student grades from D2L and have them in an Excel document. Can I store that on my desktop computer?

  • No. Student grades are considered confidential data and must be stored using a designated storage option.

You have a report that includes student Banner ID numbers. Can I send that report to a UCO employee using my UCO.edu email.

  • No.  Banner IDs are considered confidential data and must be stored and shared using a designated storage option. Email can only be used to share Internal or Public data.

I am giving a presentation at conference next week. Can I store my presentation files on a thumb drive?

  • Yes. Depending on the data included in your presentation and with appropriate authorizations (e.g. IRB approval, etc.), conference presentation files would likely be classified as public and can be stored on a thumb drive. 

Questions and Consultation Regarding Data Classification and Use

For questions regarding data classification and storage, contact the UCO Service Desk at 405-974-2255 or support@uco.edu.