Skip to main content

New Data Classification Policy available for review and public comment

Faculty, staff and students can now review and comment on a proposed Data Classification Policy for the next 30 days (until July 13). The new policy would require that all University data be classified in one of four categories: Sensitive, Confidential, Internal or Public.  

Sensitive data includes Social Security numbers, driver’s license numbers, protected health information or protected research data. This kind of information must be protected to comply with state or federal laws or regulations.

Confidential data includes student records, personnel records, donor records or non-disclosure agreements. Either laws or contracts may require WVU to protect this information.

Internal data is information that is produced by the University and not intended to be shared with the public for safety, privacy or proprietary reasons. This includes such as WVUID number, confidential memos, floor plans or reports.

Public data is information that may be disclosed to anyone, regardless of whether they have an affiliation with the University. This includes course catalogs, website content, campus maps and directory information available under FERPA.

The proposed policy is available to view on the ITS Policies & Procedures webpage in the Policies Under Review section. Login credentials are required.

Questions or comments can be submitted to the ITS Information Security team at InfoSec@mail.wvu.edu by 11:59 p.m. on Friday, July 13.

Standards identifying the security requirements for each data classification category will be provided by ITS later this year.

For more information visit the Policies and Procedures page on the ITS website.