Need assistance? Call 603-862-4242
This article is part four in our series on Five Ways You Help Keep the University Secure. This month, we discuss how to handle data with care.
Information security is everyone's responsibility, and understanding this concept is even more critical when it comes to protecting the University's information. Each of us needs to do our part to preserve the privacy of our community members' personal information. We also need to work to protect the confidentiality, integrity, and availability of information the University relies on to fulfill its mission.
When it comes to safeguarding the University's information, you are our best defense.
Federal laws, state regulations, and University policies require that all UNH employees protect the information of students, faculty, staff, prior students, former employees, parents, and those who have some kind of relationship with UNH. However, it also includes any information collected about people not affiliated with the University, when received on the University's behalf. When you work to keep everyone's information safe, it also means, by default, you're safeguarding your privacy and information.
How do we know which information requires protection? The University System of New Hampshire (USNH) Data Classification Policy provides a framework for determining the level of required protection for the varying types of institutional information created, used, stored, processed, or otherwise managed at UNH. You can find this policy in the UNSH Online Policy Manual Administrative Board - Operation and Maintenance of Property – Section 6. It is the foundation of the data classification framework.
Per this framework, there are three classifications of data at UNH
Public data do not need additional safeguards or special handling requirements. Public data includes information like staff directory information and campus maps.
Restricted data includes any information that must be protected by regulation or according to UNH or USNH policy. This information requires the most safeguards and often has specific handling requirements, which may dictate who can access it, where it can be stored, and how it can be shared or transmitted. Examples of restricted data include Social Security Numbers and credit card numbers.
Sensitive data is all the information in between. It also requires safeguards and has specific handling requirements. However, they are generally less stringent and may address privacy concerns precisely, rather than security. Examples of sensitive data include USNH ID numbers and gender.
Each department that uses or manages information classified as restricted or sensitive should have requirements for secure data handling and processing as part of their business processes and procedures. If you have questions about the classification of data you use in your role or about how to handle that data, discuss with your manager or reach out to Information Security Services.