Information Resources and Technology Policy

Section	Policy Name	Policy Number
Data Access	Data Classification	4.01

Policy Purpose

The purpose of this policy is to document the types and classifications for data and information stored on Bradley University computers.

Policy Description

Data stored in Bradley owned computers are defined by the following categories in increasing levels of secrecy requirements:

Public – information available to the public.
Proprietary – information private to Bradley University.
Protected – information protected by laws and regulations such as FERPA, HIPAA and PCI. Information which, if revealed, can result in a financial, legal or significant privacy loss to members of the Bradley community is considered highly protected and additional security measures may be taken.

Information on Bradley University administrative servers and faculty/staff workstations is considered at proprietary or protected unless that information is made public by authorized individuals.

Policy Scope

Policy Definitions

FERPA – Family Education and Privacy Act - http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
HIPAA – Health Insurance Portability and Accountability Act - http://www.hipaa.org/
PCI – Payment Card Industry - https://www.pcisecuritystandards.org/

Date Approved	Revision 1 Date	Rrevision 2 Date	Rervision 3 Date	Revision 4 Date	Revision 5 Date

maintained by D. Randall/S. Renken