What is Protected Information?
"Protected information" is an umbrella term for information that is linked to an individual person's identity, such as Social Security numbers, drivers' license data, and credit card or bank account information (sometimes called Personally-Identifiable Information, or PII) and which can be used to facilitate identity theft. Universities in particular have become attractive targets for hackers because of the freedom with which information is exchanged in an educational environment. Humboldt State University is legally required to be vigilant and proactive in the protection of PII that's been entrusted to our care.

Azusa Pacific University has developed a Data Classification Policy, the main points of which are described below, that aims to identify and protect private data  entrusted to the University. This policy mandates that all University employees locate existing protected data in their area and either destroy it or store it in approved areas and protect it.

Data Classification Policy
The Data Classification Policy defines data classification standards for Azusa Pacific University. It also establishes requirements for the protection of Level 1 Protected data and Level 2 Private data stored on campus computers.  The full copy of the Data Classifcation Policy is available at http://www.apu.edu/imtpolicies/

Level 1 and Level 2 data may only be stored on University-owned computers.

All campus computers must be scanned for the presence of personally-identifiable information (see Protected Information Survey below)

Data Classification Standards
Data classification standards have been developed by  Azusa Pacific University to classify various types of information as outlined below:

Level 1 - Confidential Data: data governed by existing law or statute such as Social Security number, credit card account information, or health information

Level 2 - Private Data: information that must be protected because of ethical or privacy concerns, such as grades, disciplinary actions, or employment history

Level 3 - Public Data: information such as a person's title, email address, or other directory information that is freely available in the public domain

Protected Information Survey
The University is in the process of collecting information to determine the volume and location of confidential data stored on campus computers.

This Protected Information Survey contains:
  1. Tools and instructions to assist in locating and scanning for PII
  2. A form to be completed when campus computers are scanned for PII
  3. A form to request permission to store Level 1 or Level 2 data if applicable
  4. Handling Protected Data
If you find protected data on a system under your control, the following options are available to you:
  1. If it no longer meets a business need - destroy it
  2. If it needs to be kept - move it to a secure and labeled CD or other offline location, or to a secure server, and ensure that it is encrypted.
  3. If the protected data is not essential to the document containing that data, edit it to remove the sensitive data
Remember that  Azusa Pacific University protected data may only only be kept on campus systems.

Keeping Protected Data
Level 1 or Level 2 data may only be kept on a system if it meets the following conditions:
  1. There must be a documented current business need
  2. Approval has been obtained from the University President or authorized representative using the required form.
  3. The system is using University-supported encryption to protect the data from unauthorized access and is in compliance with HSU-mandated security standards.
You must be logged in to add gadgets that are only visible to you