Skip to main content

Office of Information Technology

Organizing Confidential Data

National Get Organized Month is an opportunity to reduce risk to the University by thinking about the type of data your office handles. 

Begin by reviewing the University’s Data Classification Policy and considering some of the actions provided below.

University Data Classification Policy

This policy governs the privacy, security, and integrity of university data, especially confidential data, and the responsibilities of institutional units and individuals for such data. The policy was signed with an effective date of April 7, 2009. There are three levels of classification.

Confidential Data: Confidential data are considered the most sensitive and require the highest level of protection. Confidential data includes data that the university must keep private under federal, local, and state laws, contractual arrangements, or based on its proprietary worth. Confidential data may be disclosed to individuals on a strict need-to-know basis only.

Answer the following questions to determine whether the data is Confidential:

  1. Would you want to see this data printed in the Washington Post with American University and your name next to it?
  2. Are there any laws that say this data should be protected as confidential?

Official Use Only Data: Official Use Only data is generally private to the University. Access is limited to AU community members on a need-to-know basis and it is not generally available to parties external to American University.

Unrestricted Data: Unrestricted Data has no legal or other restrictions on access or usage and may be open to the university community and the general public.

Actions to consider for organizing your office’s Confidential data:

  • Begin by scheduling an office meeting to determine whether your office handles Confidential data. 
  • Define Confidential for your office using the Data Classification Policy as your guide.
  • Discuss where your office should store Confidential data.
  • Communicate the location to your office so everyone that needs to know is aware.
  • Document guidelines and process for your office about how to handle Confidential data.
  • Consider adding an annual review process to ensure that the guidance and process is still valid. We live in a world of guaranteed change!
  • Classify your electronic documents by adding the Confidential classification to the footer.
  • How do I add a footer to my document?
  • Open up your version of Microsoft Word find Help and search on “footer”
  • Consider adding three pieces of data to your footer:

                CONFIDENTIAL        American University