You are here: American University Information Technology IT Security Organizing Confidential Data

Organizing Confidential Data

National Get Organized Month is an opportunity to reduce risk to the University by thinking about the type of data your office handles.

Begin by reviewing the University’s Data Classification Policy and considering some of the actions provided below.

Actions to consider when organizing data for your office

  • Begin by determining whether your office handles Confidential data.
  • Define "Confidential" for your office, using the Data Classification Policy as your guide.
  • Discuss where the Confidential data should be stored for your office.
  • Communicate the location to your colleagues, so everyone that needs to know is aware.
  • Document guidelines and process for how to handle Confidential data within your office.
  • Consider adding an annual review process to ensure that the guidance and process is still valid.
  • Classify your electronic documents, by adding the Confidential classification to the footer.
  • Consider adding three pieces of data to your footer: CONFIDENTIAL American University

Data Classification Policy

This policy governs the privacy, security, and integrity of university data, especially confidential data, and outlines the responsibilities of institutional units and individuals for such data.

Confidential Data
Official Use Only Data
Unrestricted Data

Confidential data are considered the most sensitive and require the highest level of protection. Confidential data includes data that the university must keep private under federal, local, and state laws, contractual arrangements, or based on its proprietary worth. Confidential data may be disclosed to individuals on a strict need-to-know basis only.

Answer the following questions to determine whether the data is Confidential:

  1. Would you want to see this data printed in the Washington Post with American University and your name next to it?
  2. Are there any laws that say this data should be protected as confidential?

Official Use Only data is generally private to the University. Access is limited to AU community members on a need-to-know basis and it is not generally available to parties external to American University.

Unrestricted Data has no legal or other restrictions on access or usage and may be open to the university community and the general public.