. .

Data Classification

Institutional Data

Information exists in many different forms at The Ohio State University and is considered an asset that must be protected appropriately. The university has established guidelines for protecting our information assets or institutional data.

Institutional data is defined as:

all data created, collected, maintained, recorded or managed by the university, its staff, and agents working on its behalf.

This includes data used for planning, managing, operating, controlling, or auditing university functions, data used by multiple university units, and data used for university reporting.

Classifications

The Ohio State University classifies its institutional data into three categories based on the level of sensitivity and risk associated with the exposure, misuse, or alteration of that data. The data classification determines which precautions must be taken when handling the information.

  1. Public Data: Information that is intended for broad distribution or freely available to any person or organization. This information has no existing access restrictions.
    Example: Course Catalog
  2. Limited Access Data: Data available without restriction but whose integrity must be maintained.
    Example: Date of Birth, Ethnicity
  3. Restricted Data: Data protected or regulated by law or critical to university operations including sensitive personal information such as Social Security Numbers and personal health information.
    Example: Bank Account Number, Student Academic Record