Data Classification Guide to IT Services

What types of data can be used with different IT services and tools

Data Classification Guide to IT Services

Use this guide to make informed decisions about where to safely store and share university data. Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable. Please visit the Core Security Standards webpage for more information about how to safely secure workstations and servers.  Contact IT-Security@uiowa.edu or ITS-TechCompliance@uiowa.edu with any questions.

Data Types

Level I - Low Sensitivity: data that is public, or published with no restrictions.  Examples include published "white pages" directory information, maps, academic course descriptions.

Level II - Moderate Sensitivity: data that is non-public or internal data.  Examples of institutional data include official university records, budget information, unofficial student records, some research data.  PLEASE NOTE - The University of Iowa recognizes genetic data as non-identifiable, Level II data unless paired with other identifiers.

Level III - High Sensitivity: data that is confidential or restricted due to personal privacy considerations or compliance regulations and laws.  Examples include social security numbers, human subjects research data, identifiable health information, full-face photogenic images or videos. PLEASE NOTE - PCI data should not be stored on any of the services listed below.  If you are working with PCI data, please contact the IT Security Office.

Export-Controlled - High Sensitivity: U.S. defense-related data where disclosure to a foreign national must be prevented.  Examples include military items, space-related technology, technical defense data (e.g. ITAR, EAR)

HIPAA - High Sensitivity: protected health information (PHI) from the University of Iowa Hospitals and Clinics.  Examples of Level III data combined with any health information.

IT Tools & Services

Service

Level I

Level II

Level III

Export-Controlled

HIPAA

Research Data Storage Service (RDSS)

Large Scale Storage (LSS)

Home Drives (Files@Iowa)

Shared Drive (Files@Iowa)

OneDrive for Business

SharePoint Online (O365)

DropBox

Google Drive

Apple iCloud

Box

Personal Devices (e.g. laptops, USBs, personal cloud services, etc.)

AWS Cloud Enterprise

Microsoft Azure Cloud Services Enterprise

HPC Systems

Dispatch

REDCap

Research Remote Desktop Service

Qualtrics

Skype for Business

Legend:

 Permitted
Permitted with IT Security Consultation
Not Permitted

 

Article number: 
110901
Last updated: 
September 6, 2018
Service: 
Protecting Sensitive Data
Category: 
Quick Reference Guide