{"id":8465,"date":"2025-01-29T14:17:46","date_gmt":"2025-01-29T19:17:46","guid":{"rendered":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/best-practices\/data-classification-collaboration\/data-classification\/"},"modified":"2025-04-08T14:43:46","modified_gmt":"2025-04-08T18:43:46","slug":"data-classification","status":"publish","type":"page","link":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/governance-risk-and-compliance\/information-technology-policies-procedures\/data-classification-collaboration\/data-classification\/","title":{"rendered":"Data Classification & Handling"},"content":{"rendered":"

Quick Reference Guide:<\/strong> Data Classifications with Administrative Examples<\/h3>\n\n\n\n\n\n\n
CLASSIFICATION<\/strong><\/td>\n<\/tr>\n
\n

Level 1:<\/b><\/p>\n

Information intended and released for public use.<\/p>\n<\/td>\n

\n

Level 2:<\/b><\/p>\n

Information that may be shared only within the Trinity community.<\/p>\n<\/td>\n

\n

Level 3:<\/b><\/p>\n

Confidential and sensitive information intended only for those with a \u201cbusiness need to know.\u201d<\/p>\n<\/td>\n

\n

Level 4:<\/b><\/p>\n

High-risk information that requires strict controls.<\/p>\n<\/td>\n<\/tr>\n

\n

The College intentionally provides this information to the public.<\/p>\n<\/td>\n

\n

The College keeps this information private, but its disclosure would not cause material harm.<\/p>\n<\/td>\n

\n

Disclosure of this information beyond intended recipients might cause material harm to individuals or the College.<\/p>\n<\/td>\n

\n

Disclosure of this information beyond specified recipients would likely cause serious harm to individuals or the College.<\/p>\n<\/td>\n<\/tr>\n

\n

Examples <\/b><\/b><\/p>\n

    \n
  • Published research<\/li>\n
  • Course catalogs<\/li>\n
  • Published faculty and staff information<\/li>\n
  • Student directory information*<\/li>\n
  • Basic emergency response plans (life safety)<\/li>\n
  • College-wide policies<\/li>\n
  • Trinity publications<\/li>\n
  • Press releases<\/li>\n
  • Published marketing materials<\/li>\n
  • Regulatory and legal filings<\/li>\n
  • Published annual reports<\/li>\n
  • Code contributed to Open Source<\/li>\n
  • Released patents<\/li>\n
  • Plans of public spaces<\/li>\n<\/ul>\n

     <\/p>\n

    *Directory information about students who have requested FERPA blocks must be classified and handled as Level 3, at minimum.<\/p>\n<\/td>\n

\n

Examples <\/b><\/b><\/p>\n

    \n
  • Department policies and procedures<\/li>\n
  • Employee web\/intranet portals<\/li>\n
  • Trinity training materials<\/li>\n
  • Pre-release articles<\/li>\n
  • Drafts of research papers<\/li>\n
  • Work papers<\/li>\n
  • Patent applications<\/li>\n
  • Grant applications<\/li>\n
  • Non-public building plans or layouts (excluding L3 or L4 items)<\/li>\n
  • Information about the physical plant (excluding L3 or L4 items)<\/li>\n
  • Non-sensitive administrative survey data<\/li>\n<\/ul>\n<\/td>\n
\n

Examples <\/b><\/b><\/p>\n

    \n
  • Non-directory student information<\/li>\n
  • Non-published faculty and staff information<\/li>\n
  • HUID tied to an individual<\/li>\n
  • Personnel records<\/li>\n
  • Donor information (excluding L4 data points or special handling)<\/li>\n
  • Non-public legal work and litigation information<\/li>\n
  • Budget \/financial transactions information<\/li>\n
  • Non-public financial statements<\/li>\n
  • Information specified as confidential by vendor contracts and NDAs<\/li>\n
  • Information specified as confidential by Data Use Agreements<\/li>\n
  • General security findings or reports (e.g., SSAE16)<\/li>\n
  • Most Trinity source code<\/li>\n
  • Non-security technical specifications\/architecture schema<\/li>\n
  • Library\/museum object valuations<\/li>\n
  • IRB records<\/li>\n
  • Sensitive administrative survey data, such as performance reviews or course feedback, especially if free text response is permitted.<\/li>\n<\/ul>\n<\/td>\n
\n

Examples <\/b><\/b><\/p>\n