UNL data security classifications - definitions

Please review data security guidelines - examples appendix for specific examples.

  1. Purpose

    Information we rely upon as an institution falls into categories that represent different needs and responsibilities. The University of Nebraska-Lincoln must provide a common framework for understanding the needs surrounding different types of data. This framework will form the basis for a common understanding across the institution. All members of the UNL community must be responsible stewards of the data we create, share and rely upon.

  2. Applicability

    Understanding these  guidelines is the responsibility of all members of the University of Nebraska-Lincoln community - faculty, staff, students and affiliates. By understanding the differences between types of data it is possible to understand their different requirements and how to protect data appropriately. Treating different types of data responsibly, in accordance with any specific needs, allows us to focus our resources and investments where they will do the most good.

  3. Data security guidelines (definitions)

    1. Public data

      Public data consists of institutional data that has been intentionally released to the public by a person with authority to do so and (or) a class of data defined as part of the public record. There may be copyright, Creative Commons or other expectations placed on the data, but it is generally available for public consumption.

    2. Non-public data

      Non-public data consists of data that is not protected by regulatory requirements, but should be protected from public view. This data might include (but is not limited to) academic, research, athletic, public service or administrative data that is restricted for reasons related to public or individual safety, competition, ongoing development or is otherwise sensitive in nature.

    3. Confidential data

      Confidential data is strictly protected by federal, state, university, professional code or other binding regulation. Any data that could, by itself or in combination with other such data, be used for identity theft, fraud or other such crimes should be treated as confidential data.

  4. Responsible use requirements

    General computer use policies at UNL are supported by this document. More specific recommendations and best practices will be established and updated by the UNL Information Security Office.

  5. Legally mandated or authorized release

    This document does not address legal or authorized release of data. Information is subject to applicable legal requests such as the Clery Act, Freedom of Information Act or subpoena.

  6. Individual responsibility

    Each member of the UNL community is individually responsible for ensuring that data is maintained responsibly and within recommended guidelines.

  7. Additional resources

    Situations may arise for which additional advice may be required. The UNL Information Security Office, Internal Audit, the Office of the General Counsel or business or academic unit leadership should be consulted as appropriate (this document is a guide and not definitive policy). Training on data security has been licensed for UNL and is available  within the SANS “Securing the Human” video-based training modules.