GLOBAL Alert Overide

Vight condensed lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergr sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consedipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.

Add Text
Second Button
Skip to main content
University of Florida

Data Classification Policy

Elias G. Eldayrie, Vice President & CIO

It is a responsibility of all faculty and staff to secure the confidentiality of data stored at the University of Florida. A crucial first step is identifying data requiring specific protection.

The university’s Data Classification policy provides the basis for protecting the confidentiality of UF data by establishing a data classification system. Deans, directors, and department chairs, in their roles as data owners, are responsible for classifying data used within their units. There are three classification levels:

  • Restricted – Data in any format collected, developed, maintained or managed by or on behalf of the university, or within the scope of university activities that are subject to specific protections under federal or state law or regulations or under applicable contracts. Examples include, but are not limited to medical records, social security numbers, credit card numbers, Florida driver licenses, non-directory student records and export controlled technical data.
  • Sensitive – Data whose loss or unauthorized disclosure would impair the functions of the university, cause significant financial or reputational loss or lead to likely legal liability. Examples include, but are not limited to, research work in progress, animal research protocols, financial information, strategy documents and information used to secure the university’s physical or information environment.
  • Open – Data that does not fall into any of the other information classifications. This data may be made generally available without specific information owner’s designee or delegate approval. Examples include, but are not limited to, advertisements, job opening announcements, university catalogs, regulations and policies, faculty publication titles and press releases.

Existing and future information security policies will specify required controls for specific data and information systems based upon these classifications. The full Data Classification policy and a guide to assist users are available at: www.it.ufl.edu/policies.