4.01 Data Classification

I. Purpose

The purpose of this policy is to document the types and classifications for data and information related to the business of Bradley University.

II. Description

Data related to the business of Bradley University are defined by the following categories in increasing levels of privacy requirements:

  • Public – information available to the public.
  • Proprietary – information private to Bradley University.
  • Protected – information protected by laws and regulations such as FERPA, GDPR, HIPAA, and PCI. Information which, if revealed, can result in a financial, legal or significant privacy loss to members of the Bradley community is considered highly protected and additional security measures must be taken.

Information related to the business of Bradley University is considered as Proprietary or Protected unless that information is made public by authorized individuals.

III. Scope

This policy pertains to all devices, physical storage, and cloud storage containing Bradley data.

Date Approved Revision 1 Date
5/3/2016 8/9/2019