Data Classification Guidelines
For Students, Faculty, Staff, Guests, Alumni
Fordham University’s Data Classification and Protection Policy applies to all data produced, collected, stored, or used by the University, its employees, student workers, consultants, and agents during their relationship with the University.
The Data Classification Grid can help you better understand regulations and policies governing Fordham Protected and Fordham Sensitive Data and determine where to store your files. The Data Classification Grid is not exhaustive or detailed, and regulations and services offered change over time. Please contact the IT Service Desk, visit the Tech Help page under My Pages after logging in to fordham.edu, or email [email protected] if you have any questions on secure data storage or sharing data with colleagues within or outside the University.
Did you know there's more to handling data safely than a strong password and storage solution? Find out by taking our free, self-paced online information security awareness training for employees. To access the courses, log in to Proofpoint Security Awareness Training under My Apps in the portal, fordham.edu.
Data Classification Types
Fordham Protected Data
Data that contains personally identifiable information
Human Subject Research: Any sharing or storage of Human Subject Research data is subject to the approval of Fordham University’s Institutional Review Board.
Fordham Provided Services
Data Types key:
Data may be stored with this service
Data may not be stored with this service
If a number is assigned, data may be stored with this service under certain circumstances. See the chart legend below.
Fordham Gmail/Contacts Account
Text Messaging
Fordham Google Drive
Fordham Core Google Apps: Classroom, Calendar, Docs, Groups, Hangouts, Sheets, Sites, Jamboard
Fordham Non-Core Google Apps (e.g., Photos, Maps, YouTube)
Managed Servers
S:\ drive
shared.fordham.edu
storage.fordham.edu
Fordham Equipment (e.g., desktop, laptop, tablet, smartphone)
Fordham provided Removable Media (USB thumb drive)
Devices on PCI-compliant Network
Blackboard
Zoom (using Fordham credentials)
Panopto
Hyland/OnBase
ServiceNow
Qualtrics
Microsoft Azure Cloud Computing Platform (using Fordham credentials)
OneDrive for Business (using Fordham credentials)
Fordham Office 365 (using Fordham credentials)
Reclaim Hosting
Non-Fordham Provided Services
Data types: FERPA, PII
Personal desktop and laptop
Personal equipment (tablet, smartphone, removable media/thumb drive)
Personal third-party email services (e.g., personal Gmail, Hotmail, Yahoo)
Text Messaging
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Free or personal web-accessible platforms not covered under University agreements (e.g., ChatGPT, DALL-E, Bard, LLaMA, Make-A-Video, Claude, Stable Diffusion, Hugging Face, BLOOM, NeMo, Reddit, Instagram, Facebook, Twitter, TikTok, GitHub, Picasso, Flickr, SmuHug, Forums, Public IT Support)
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, FaceTime, WhatsApp)
Chart legend:
1 Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.
2 To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, contact [email protected].
3 This service may be used with the approval of the identified data owner. For other questions, including identifying data ownership, please contact [email protected].
4 Data from these cloud services must be encrypted before it is emailed or shared. To review your use of this technology, contact [email protected].
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Non-Fordham Provided IT Resources or services may be used on a limited basis for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.
Fordham Sensitive Data
Internal procedures prohibit unauthorized disclosure of this data.
Human Subject Research
Any sharing or storage of Human Subject Research data is subject to the approval of Fordham University’s Institutional Review Board.
Non-Fordham Provided Services
Guidelines for storing sensitive data (legend below defines symbols and numbers)
Personal desktop and laptop
Personal equipment (tablet, smartphone, removable media/thumb drive)
Personal third-party email services (e.g., personal Gmail, Hotmail, Yahoo)
Text Messaging
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Free or personal web-accessible platforms not covered under University agreements (e.g., ChatGPT, DALL-E, Bard, LLaMA, Make-A-Video, Claude, Stable Diffusion, Hugging Face, BLOOM, NeMo, Reddit, Instagram, Facebook, Twitter, TikTok, GitHub, Picasso, Flickr, SmuHug, Forums, Public IT Support)
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, FaceTime, WhatsApp)
Symbol key: Use allowed. Use prohibited.
Chart legend:
1 This service can only be used when care is taken to limit access to authorized individuals.
2 To protect this class of data, removable media or a mobile device must be used in conjunction with a sanctioned encryption product. For guidance, contact [email protected].
3 This service may be used with the approval of the identified data owner. For questions, contact [email protected].
4 Data from these cloud services must be encrypted before it is emailed or shared. To review your use of this technology, contact [email protected].
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Non-Fordham Provided IT Resources or services may be used on a limited basis for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.
Public Data
Data may be available to the general public. Public Data may be disclosed to anyone, regardless of affiliation with the University, without restriction. It is data that does not contain PII or Personal Data concerning any individual and is not Fordham Protected Data or Fordham Sensitive Data.
Human Subject Research
Any sharing or storage of Human Subject Research data is subject to the approval of Fordham University’s Institutional Review Board.
Non-Fordham Provided Services
Guidelines for storing public data (legend below defines symbols and numbers)
Personal desktop and laptop
Personal equipment (tablet, smartphone, removable media/thumb drive)
Personal third-party email services (e.g., personal Gmail, Hotmail, Yahoo)
Text Messaging
Cloud storage services not covered by University agreements (e.g., Evernote, Dropbox, personal Google Drive, iCloud, Amazon S3, personal Office 365, personal OneDrive, personal Microsoft Azure, personal Smartsheet, and personal Reclaim Hosting services)
Free or personal web-accessible platforms not covered under University agreements (e.g., ChatGPT, DALL-E, Bard, LLaMA, Make-A-Video, Claude, Stable Diffusion, Hugging Face, BLOOM, NeMo, Reddit, Instagram, Facebook, Twitter, TikTok, GitHub, Picasso, Flickr, SmuHug, Forums, Public IT Support)
Third-party survey tools not covered by University agreements (e.g., SurveyMonkey, Constant Contact)
Third-party videoconferencing tools not covered by University agreements (e.g., personal Zoom, personal Teams, FaceTime, WhatsApp)
Symbol key: Use allowed. Use prohibited.
Chart legend:
1 This service can only be used when care is taken to limit access to authorized individuals.
2 To protect this class of data, removable media or a mobile device must be used in conjunction with a sanctioned encryption product. For guidance, contact [email protected].
3 This service may be used with the approval of the identified Data Owner. For questions, contact [email protected].
4 Data from these cloud services must be encrypted before it is emailed or shared. To review your use of this technology, contact [email protected].
5 This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4.
6 Non-Fordham Provided IT Resources or services may be used on a limited basis for data protected under this class. Any communication beyond that is prohibited.
7 To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.