Skip to main content

Members of the University community should respond to the daily VitalCheck prompt at least 30 minutes prior to entering campus.

Data Classification Guidelines

Fordham University’s Data Classification and Protection Policy applies to all data produced, collected, stored, or used by the University, its employees, student workers, consultants, and agents during their relationship with the University.

The Data Classification Grid can help you better understand regulations and policies governing Fordham Protected and Fordham Sensitive Data and determine where to store your files. The Data Classification Grid is not exhaustive or detailed, and regulations and services offered change over time. Please contact IT Customer Care, visit your Tech Help link under My Pages on the Unversity portal, or email infosec@fordham.edu if you have any questions on secure data storage or sharing data with colleagues within or outside the University.

Did you know there's more to handling data safely than a strong password and storage solution? Find out by taking our free, self-paced online information security awareness training for employees. To access the course, log in to the Terranova app.

Data Classification Types

Protected Data

Protected Data

Data that contains personally identifiable information.

Human Subject Research
Any sharing or storage of Human Subject Research data is subject to the approval of Fordham University’s Institutional Review Board.

Fordham
Provided Services
Data Types key:
Allowed Data may be stored with this service
Prohibited Data may not be stored with this service
If a number is assigned, data may be stored with this service under certain circumstances. See chart legend below, or click on the number.
  FERPA GLBA PII PHI/
HIPAA
Credit Card/PCI Attorney Privileged Data
Fordham Gmail/Contacts Account

5

4

4

Prohibited
Prohibited

5

Text Messaging
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Fordham Google Drive

1

Prohibited

1

Prohibited
Prohibited

1

Fordham Core Google Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard

1

Prohibited

1

Prohibited
Prohibited

1

Fordham Non-Core Google Apps (e.g., Photos, Maps, YouTube)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Fordham File Shares (S:\, P:\ drives) and Managed Servers
Allowed
Allowed
Allowed
Prohibited
Prohibited
Allowed
Fordham Equipment (desktop, laptop, tablet, smartphone)
Allowed

2

Allowed
Prohibited
Prohibited
Allowed
Fordham provided Removable Media (USB thumb drive)

2

2

2

2

Prohibited

2

Devices on PCI-compliant Network
Allowed
Prohibited
Allowed
Prohibited
Allowed
Prohibited
Blackboard
Allowed
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Zoom (using Fordham credentials) Allowed

7

7

7

Prohibited

7

Panopto Allowed Prohibited Prohibited Prohibited Prohibited Prohibited
Hyland/OnBase
Allowed
Allowed
Allowed
Allowed
Prohibited
Allowed
EasyVista
Allowed
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
MailChimp, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)

3

Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Qualtrics Allowed Allowed Allowed Allowed Prohibited Prohibited
Rackspace Cloud Files

4

4

4

Prohibited
Prohibited

4

Microsoft Azure Cloud Computing Platform (using Fordham credentials)

4

4

4

4

Prohibited

4

Smartsheet

Prohibited

Prohibited

1

Prohibited Prohibited Prohibited
OneDrive for Business (using Fordham credentials)

1

1

1

1

Prohibited

1

Fordham Office 365 (using Fordham credentials)

1

1

1

1

Prohibited

1

Reclaim Hosting

1

Prohibited

Prohibited

Prohibited
Prohibited

Prohibited

Non-Fordham
Provided Services
Data Types key:
Allowed Data may be stored with this service
Prohibited Data may not be stored with this service
If a number is assigned, data may be stored with this service under certain circumstances. See chart legend below, or click on the number.
  FERPA GLBA PII PHI/
HIPAA
Credit Card/PCI Attorney Privileged Data
Personal desktop and laptop

6

Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Personal equipment (tablet, smartphone, removable media/thumb drive)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Personal third-party email services (e.g., personal Gmail, Hotmail, Yahoo)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Text Messaging Prohibited Prohibited Prohibited Prohibited Prohibited Prohibited
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Image storage services not covered by University agreements (e.g., Flickr, Instagram, SmugMug)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Prohibited
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, Facetime, WhatsApp) Prohibited Prohibited Prohibited Prohibited Prohibited Prohibited
1 Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Protected and sensitive data stored on these cloud services or when emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top

Sensitive Data

Sensitive Data

Internal procedures prohibit unauthorized disclosure of this data

Fordham Provided Services Guidelines for storing sensitive data (legend below defines symbols and numbers)
Fordham Gmail/Contacts Account

5

Text Messaging
Prohibited
Fordham Google Drive

1

Fordham Core Google Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard

1

Fordham Non-Core Google Apps (e.g., Photos, Maps, YouTube)
Prohibited
Fordham File Shares (S:\, P:\ drives) and Managed Servers
Allowed
Fordham Equipment (desktop, laptop, tablet, smartphone)
Allowed
Fordham provided Removable Media (USB thumb drive)

2

Devices on PCI-compliant Network
Allowed
Blackboard
Allowed
Zoom(using Fordham credentials)

7

Panopto Prohibited
Hyland/OnBase
Allowed
EasyVista
Prohibited
MailChimp, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)

3

Qualtrics

Allowed

Rackspace Cloud Files

4

Microsoft Azure Cloud Computing Platform (using Fordham credentials)

4

Smartsheet

1

OneDrive for Business (using Fordham credentials)

1

Fordham Office 365 (using Fordham credentials)

1

Reclaim Hosting

Prohibited

Non-Fordham Provided Services

Guidelines for storing sensitive data (legend below defines symbols and numbers)

Personal desktop and laptop
Prohibited
Personal equipment (tablet, smartphone, removable media/thumb drive)
Prohibited
Personal third-party email services (e.g., personal Gmail, Hotmail, Yahoo)
Prohibited
Text Messaging Prohibited
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Prohibited
Image storage services not covered by University agreements (e.g., Flickr, Instagram, SmugMug)
Prohibited
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Prohibited
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, Facetime, WhatsApp) Prohibited
Allowed Use allowed.
Prohibited
Use prohibited.
1 Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Protected and sensitive data stored on these cloud services or when emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top

Public Data

Public Data

Data may be available to the general public

Fordham Provided Services Guidelines for storing public data (legend below defines symbols and numbers)
Fordham Gmail/Contacts Account
Allowed
Text Messaging
Allowed
Fordham Google Drive
Allowed
Fordham Core Google Apps: Classroom, Calendar, Docs, Groups, Chat, Sheets, Sites, Jamboard
Allowed
Fordham Non-Core Google Apps (e.g. Photos, Maps, YouTube)
Allowed
Fordham File Shares (S:\, P:\ drives) and Managed Servers
Allowed
Fordham Equipment (desktop, laptop, tablet, smartphone)
Allowed
Fordham provided Removable Media (USB thumb drive)
Allowed
Devices on PCI-compliant Network
Allowed
Blackboard
Allowed
Zoom (using Fordham credentials) Allowed
Panopto Allowed
Hyland/OnBase
Allowed
EasyVista
Allowed
MailChimp, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)
Allowed
Qualtrics
Allowed
Rackspace Cloud Files
Allowed
Microsoft Azure Cloud Computing Platform (using Fordham credentials) Allowed
Smartsheet Allowed
OneDrive for Business (using Fordham credentials) Allowed
Fordham Office 365 (using credentials) Allowed
Reclaim Hosting Allowed
Non-Fordham Provided Services Guidelines for storing public data (legend below defines symbols and numbers)
Personal desktop and laptop Allowed
Personal equipment (tablet, smartphone, removable media/thumb drive)
Allowed
Personal third-party email services (e.g., Personal Gmail, Hotmail, Yahoo)
Allowed
Text Messaging Allowed
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Allowed
Image storage services not covered by University agreements (e.g., Flickr, Instagram, SmugMug)
Allowed
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Allowed
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, Facetime, WhatsApp) Allowed
Allowed Use allowed.
Prohibited
Use prohibited.
1 Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact the University Information Security Office at infosec@fordham.edu.
3 This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact the UISO at infosec@fordham.edu.
4 Protected and sensitive data stored on these cloud services or when emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for protected and sensitive data, please contact the University Information Security Office at infosec@fordham.edu.
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Back to top