What is Sensitive Data?
Data that is considered private and must be protected, but has a lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data. Many kinds of information require reasonable levels of protection.
Inappropriate handling of restricted data could result in legal, ethical or other constraints. Because of this, sensitive information may not be accessed without specific authorization and only selective access may be granted.
Sensitive Data Elements
Data is classified as Sensitive if it contains any of the following:
- Attorney/client relationship
- Dependent's relationship to employee
- Home address
- Marital status or effective date
- Student conduct records
Guidance for individual data elements that must be treated as Confidential or Sensitive.
Sensitive Classification
Sensitive data often have these attributes:
- Protection measures not prescribed by legal or contractual requirements.
- Access rights are established around identified processes and needs.
- Handling this data requires elevated data security requirements.
Storage & File Exchange
Secure
Approved Storage
Sensitive data should only be stored on approved systems such as:
Secure Exchange
App State sensitive data should only use approved file-sharing solutions:
Unsecure Methods
Sensitive data should NEVER be stored or shared via:
- Email, instant messaging, social networks, P2P solutions
- Removable media (thumb drives, external hard drives)
- Any personal cloud storage accounts (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
- Any personal computer devices (including smartphones)
Questions
If you are unsure whether you need to apply special care and handling to the information elements and assets you use, contact security@appstate.edu