Data Classification Guide to IT Services

What types of data can be used with different IT services and tools

Data Classification Guide to IT Services

Use this guide to make informed decisions about where to safely store and share university data. Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable. Please visit the Core Security Standards webpage for more information about how to safely secure workstations and servers.  Contact IT-Security@uiowa.edu or Research-Computing@uiowa.edu with any questions.

Data Types

Public: data that is public, or published with no restrictions.  Examples include published "white pages" directory information, maps, academic course descriptions, news releases.

University/Internal: data that is non-public or internal data.  Examples of institutional data include official university records, financial reports, unofficial student records, de-identified research data. 

Restricted: data that is confidential or restricted due to personal privacy considerations or compliance regulations and laws.  Examples include student transcripts, identifiable human subjects research data, full-face photogenic images or videos, financial aid data.

Critical: data that has the most stringent legal or regulatory requirements and requires special security controls.  Examples include data governed by HIPAA (personal health information), Social Security Numbers (NOTE - if you need to store SSNs, please work with the IT Security Office to determine the best storage location), credit card information (PCI), personal identifiers (passport/driver's license numbers), data governed by ITAR (export-controlled).  
PLEASE NOTE - PCI data should not be stored on any of the services listed below.  If you are working with PCI data, please contact the IT Security Office.

 

Subsets of Critical Category

For the purposes of this article, the following subsets of Critical data are included to define more clearly which campus services allow this type of information. The Critical category is very much dependent on what the specific regulation states. If you have questions about what data in the Critical category can be stored/used on any of the below services, please contact Research-Computing@uiowa.edu.

Critical - Export-Controlled: U.S. defense-related data where disclosure to a foreign national must be prevented.  Examples include military items, space-related technology, technical defense data (e.g. ITAR, EAR)

Critical - HIPAA: protected health information (PHI) coupled with any HIPAA identifiers. PLEASE NOTE - If you intend to store PHI from UIHC on services not managed by UIHC, you are responsible for obtaining approval from the UIHC Data Governance group.  Please contact icts-bmi-consulting@healthcare.uiowa.edu for more information.

 

IT Tools & Services

Service Public University/Internal Restricted/Critical (personal identifiers & other general sensitive information only) Export-Controlled HIPAA
Apple iCloud
AWS Cloud Enterprise
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png
Box
Dispatch
Dropbox
Globus
Google Drive
Home Drives (Files@Iowa)
HPC Systems
Large Scale Storage (LSS)***
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png
ICON
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png
Interactive Data Analytics Service https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png
Iowa Health Data Resource (IHDR) Data Enclave Data sets containing data generated by University of Iowa Hospitals and Clinics, regardless of the classification of other data in the set.
Microsoft Azure Cloud Services Enterprise
Microsoft OneDrive for Business
Microsoft SharePoint Online (O365)
Microsoft Teams https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png
Microsoft Teams (Apps & Add-ins) https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png
Personal Cell Phones https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.53.49%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.31.31%20AM_0.png
Personal Devices (e.g. laptops, USBs, personal cloud services, etc.)
Qualtrics
R: Drive
REDCap
Research Data Storage Service (RDSS)***
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png
Research Remote Desktop Service
Secure Device Service
Shared Drive (Files@Iowa)
Skype for Business
UICapture 
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png
XNAT
Zoom
https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png https://its.uiowa.edu/sites/its.uiowa.edu/files/wysiwyg_uploads/Screen%20Shot%202017-12-15%20at%2010.54.54%20AM.png

Legend

 Permitted
IT Security Consultation Required.  Please contact  IT-Security@uiowa.edu or Research-Computing@uiowa.edu

Not Permitted
*** HIPAA data should only be stored on a CIFS share

 

Article number: 
110901
Last updated: 
August 19, 2022
Service: 
Protecting Sensitive Data
Category: 
Quick Reference Guide