Data needs to be categorized so that informed choices can be made about how it is managed, protected, and shared, both within and outside of Union. We do that by applying sensitivity labels to document how confidential the files are.
In Microsoft Office applications, you may be prompted to tag a file as confidential if it thinks it contains sensitive information (see samples below). We do this for a variety of reasons:
- Protect the integrity, availability, and confidentiality of data.
- Safeguard personally identifying information and proprietary business information.
- Stay compliant with regulations, guidelines, and laws.
Sensitivity classifications can be applied from the Microsoft tool bars. Below is an generic example from Microsoft.
Once a file has been tagged for sensitivity, you may see its category in Microsoft applications as shown below.
There are three levels of sensitivity that we are applying to our data – General, Personal, Confidential.
GENERAL: is the lowest level of data sensitivity. This is commonly information that is either created for public distribution or easily accessible. Examples would be: job advertisements, marketing brochures, information for a public website, news releases, etc.
PERSONAL: is the next level of data sensitivity. This is information that is best kept private. If it were exposed, it would pose a moderate risk to Union or individuals. Examples would be: private contact information, research data, business plans, budget information, student ID numbers, vendor contact information, internal policies, etc.
CONFIDENTIAL: is the highest level of data sensitivity. This information needs to be closely guarded. If this data was lost, altered, or exposed, it would be most damaging to Union and/or individuals. This information would typically contain financial, account/credit card data, healthcare information, social security numbers, employee or student records. These types of data frequently contain Personally Identifiable Information (PII) or Intellectual Property (IP).