4.01 Data Classification

I. Purpose

The purpose of this policy is to document the types and classifications for data and information used by or generated by Bradley University.

II. Description

Data stored in Bradley-owned computers or the cloud are defined by the following categories in increasing levels of privacy requirements:

  • Public – information available to the public.
  • Proprietary – information private to Bradley University.
  • Protected – information protected by laws and regulations such as FERPA, GDPR, HIPAA, and PCI. Information which, if revealed, can result in a financial, legal or significant privacy loss to members of the Bradley community is considered highly protected and additional security measures must be taken.

Information on Bradley University administrative servers, faculty/staff workstations, and cloud storage is considered as Proprietary or Protected unless that information is made public by authorized individuals.

III. Scope

This policy pertains to all University computers and cloud storage containing Bradley data.

Date Approved