Skip to main content

Data Classification Guidelines

Fordham University’s Data Classification and Protection Policy applies to all data produced, collected, stored, or used by the University, its employees, student workers, consultants, and agents during their relationship with the University.

The Data Classification Grid can help you better understand regulations and policies governing Fordham Protected and Fordham Sensitive Data and determine where to store your files. The Data Classification Grid is not exhaustive or detailed, and regulations and services offered change over time. Please contact IT Customer Care, visit the Tech Help page under My Pages  after logging in to fordham.edu, or email infosec@fordham.edu if you have any questions on secure data storage or sharing data with colleagues within or outside the University.

Did you know there's more to handling data safely than a strong password and storage solution? Find out by taking our free, self-paced online information security awareness training for employees. To access the courses, log in to Terranova - Security Awareness in the academic section under My Apps in the portal, fordham.edu.

Data Classification Types

Protected Data

Protected Data

Data that contains personally identifiable information.

Human Subject Research
Any sharing or storage of Human Subject Research data is subject to the approval of Fordham University’s Institutional Review Board.

Fordham
Provided Services
Data Types key:
Allowed Data may be stored with this service
Prohibited Data may not be stored with this service
If a number is assigned, data may be stored with this service under certain circumstances. See chart legend below, or click on the number.
  FERPA GLBA PII PHI/
HIPAA
Credit Card/PCI Attorney Privileged Data
Gmail™/Contacts Account

5

4

4

Prohibited
Prohibited

5

Text Messaging
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Google Drive

1

Prohibited

1

Prohibited
Prohibited

1

Core Google™ Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard

1

Prohibited

1

Prohibited
Prohibited

1

Non-Core Google Apps (e.g., Photos, Maps, YouTube™)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
File Shares (S:\ drive) and Managed Servers
Allowed
Allowed
Allowed
Prohibited
Prohibited
Allowed
Equipment (desktop, laptop, tablet, smartphone)
Allowed

2

Allowed
Prohibited
Prohibited
Allowed
Removable Media (USB thumb drive)

2

2

2

2

Prohibited

2

Devices on PCI-compliant Network
Allowed
Prohibited
Allowed
Prohibited
Allowed
Prohibited
Blackboard®
Allowed
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Zoom Allowed

7

7

7

Prohibited

7

Panopto® Allowed Prohibited Prohibited Prohibited Prohibited Prohibited
OnBase® by Hyland 
Allowed
Allowed
Allowed
Allowed
Prohibited
Allowed
EasyVista™
Allowed
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
MailChimp®, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)

3

Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Qualtrics® Allowed Allowed Allowed Allowed Prohibited Prohibited
Rackspace Technology™ Cloud Files

4

4

4

Prohibited
Prohibited

4

Microsoft Azure™ Cloud Computing Platform

4

4

4

4

Prohibited

4

Smartsheet™

Prohibited

Prohibited

1

Prohibited Prohibited Prohibited
Microsoft OneDrive™ for Business

1

1

1

1

Prohibited

1

Microsoft Office 365™

1

1

1

1

Prohibited

1

Reclaim Hosting

1

Prohibited

Prohibited

Prohibited
Prohibited

Prohibited

Non-Fordham
Provided Services
Data Types key:
Allowed Data may be stored with this service
Prohibited Data may not be stored with this service
If a number is assigned, data may be stored with this service under certain circumstances. See chart legend below, or click on the number.
  FERPA GLBA PII PHI/
HIPAA
Credit Card/PCI Attorney Privileged Data
Personal desktop and laptop

6

Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Personal equipment (tablet, smartphone, removable media/thumb drive)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Personal third-party email services (e.g., personal Gmail™, Hotmail™, Yahoo®)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Text Messaging Prohibited Prohibited Prohibited Prohibited Prohibited Prohibited
Cloud storage services not covered by University agreements (e.g., Evernote®, Dropbox™, personal Google Drive, iCloud™, Amazon S3™, personal Microsoft Office 365™, personal Microsoft OneDrive™, personal Microsoft Azure™, personal Smartsheet™, and personal Reclaim Hosting services)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Image storage services not covered by University agreements (e.g., Flickr®, Instagram™, SmugMug®)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey®, Constant Contact®)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom™, personal Microsoft Teams™, FaceTime®, WhatsApp™) Prohibited Prohibited Prohibited Prohibited Prohibited Prohibited
1 This service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Fordham Protected and Fordham Sensitive Data stored on these cloud services or emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top

Sensitive Data

Sensitive Data

Internal procedures prohibit unauthorized disclosure of this data

Fordham Provided Services Guidelines for storing sensitive data (legend below defines symbols and numbers)
Gmail™/Contacts Account

5

Text Messaging
Prohibited
Google Drive

1

Core Google™ Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard

1

Non-Core Google Apps (e.g., Photos, Maps, YouTube™)
Prohibited
File Shares (S:\ drive) and Managed Servers
Allowed
Equipment (desktop, laptop, tablet, smartphone)
Allowed
Removable Media (USB thumb drive)

2

Devices on PCI-compliant Network
Allowed
Blackboard®
Allowed
Zoom™

7

Panopto® Prohibited
OnBase® by Hyland
Allowed
EasyVista™
Prohibited
MailChimp®, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)

3

Qualtrics®

Allowed

Rackspace Technology Cloud Files

4

Microsoft Azure™ Cloud Computing Platform

4

Smartsheet™

1

Microsoft OneDrive™ for Business

1

Microsoft Office 365™

1

Reclaim Hosting

Prohibited

Non-Fordham Provided Services

Guidelines for storing sensitive data (legend below defines symbols and numbers)

Personal desktop and laptop
Prohibited
Personal equipment (tablet, smartphone, removable media/thumb drive)
Prohibited
Personal third-party email services (e.g., personal Gmail, Hotmail™, Yahoo®)
Prohibited
Text Messaging Prohibited
Cloud storage services not covered by University agreements (e.g., Evernote®, Dropbox™, personal Google Drive, iCloud™, Amazon S3™, personal Microsoft Office 365™, personal Microsoft OneDrive™, personal Microsoft Azure™, personal Smartsheet, and personal Reclaim Hosting services)
Prohibited
Image storage services not covered by University agreements (e.g., Flickr®, Instagram™, SmugMug®)
Prohibited
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey®, Constant Contact®)
Prohibited
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom™, personal Microsoft Teams™, Facetime®, WhatsApp™) Prohibited
Allowed Use allowed.
Prohibited
Use prohibited.
1 This service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Fordham Protected and Fordham Sensitive Data stored on these cloud services or emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top

Public Data

Public Data

Data may be available to the general public

Fordham Provided Services Guidelines for storing public data (legend below defines symbols and numbers)
Gmail/Contacts Account
Allowed
Text Messaging
Allowed
Google Drive
Allowed
Core Google Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard
Allowed
Non-Core Google Apps (e.g. Photos, Maps, YouTube)
Allowed
File Shares (S:\ drive) and Managed Servers
Allowed
Equipment (desktop, laptop, tablet, smartphone)
Allowed
Removable Media (USB thumb drive)
Allowed
Devices on PCI-compliant Network
Allowed
Blackboard
Allowed
Zoom Allowed
Panopto Allowed
OnBase by Hyland
Allowed
EasyVista
Allowed
MailChimp, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)
Allowed
Qualtrics
Allowed
Rackspace Cloud Files
Allowed
Microsoft Azure Cloud Computing Platform Allowed
Smartsheet Allowed
OneDrive for Business Allowed
Microsoft Office 365 Allowed
Reclaim Hosting Allowed
Non-Fordham Provided Services Guidelines for storing public data (legend below defines symbols and numbers)
Personal desktop and laptop Allowed
Personal equipment (tablet, smartphone, removable media/thumb drive)
Allowed
Personal third-party email services (e.g., Personal Gmail, Hotmail, Yahoo)
Allowed
Text Messaging Allowed
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Allowed
Image storage services not covered by University agreements (e.g., Flickr, Instagram, SmugMug)
Allowed
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Allowed
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, Facetime, WhatsApp) Allowed
Allowed Use allowed.
Prohibited
Use prohibited.
1 Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Protected and sensitive data stored on these cloud services or when emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top