Data classification is the process of organizing data into information security categories in support of data security handling requirements.
Data classification, data privacy, and protection standards at Towson University require that every employee takes appropriate measures to safeguard the confidentiality, integrity, availability, and quality of data throughout its lifecycle, from creation to destruction.
TU categorizes data into three types (Public, Protected, and Confidential) to provide guidance on the proper handling of that data:
Data intended for general public use. An example is the university’s online directory.
Protected is the default classification of data at TU. Protected data is considered private and intended for internal use only. It includes all data which are not legally restricted, and which may be accessed by university employees in the performance of official university business. Examples include, but are not limited to non-sensitive FERPA PII data, TU ID numbers, and third-party contracts.
Confidential data is sensitive information that needs to be carefully protected from unauthorized access (data as defined under HIPAA, PCI or other federal law). Examples include, but are not limited to medical records, financial data, credit card payment data, sensitive FERPA PII data, background checks for employment or business-related information, and Personally Identifiable Information (PII).
PII, as defined in the Maryland Code under State Government Article §10-1301, is an individual’s first name or first initial and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements:
Sensitive FERPA PII, consists of data that falls under PII as defined in the Maryland Code under State Government Article, §10-1301 and / or that may be considered harmful to an individual or Towson University in the event of unauthorized access.
Questions or other comments on these standards should be directed to the Office of Technology Services (OTS) by submitting a TechHelp service request. Requests for exceptions or guidance should also be directed to OTS.