Data Classifications: Data Services

Data Classification Grid Legend

1 -  Service can only be used when care is taken to limit access to authorized individuals. Do not use features that allow any recipient of a link to view the data, as there is no way to ensure the bearer is the intended party. Do not use features that allow the entire Fordham.edu domain (which includes all students and alumni) to view the data.

2 - To protect this class of data, removable media or a mobile device may only be used in conjunction with a sanctioned encryption product. For guidance, please contact Information Security and Assurance at infosec@fordham.edu.

3 - This service may be used with the approval of the identified data owner. Some data may be subject to regulation by Fordham's Information Risk Management Board (IRMB), and the use of these services must be vetted through the IRMB Risk Assessment process. For other questions, including identifying data ownership, please contact Information Security and Assurance at infosec@fordham.edu.

4 - Fordham Protected and Fordham Sensitive data stored on these cloud services or when emailed to non-Fordham recipients must be encrypted prior to transmission. To review your use of this technology for Fordham Protected and Fordham Sensitive data, please contact Information Security and Assurance at infosec@fordham.edu.

5 - This service may be used with the approval of the identified data owner. Any communication beyond that must follow rule number 4. 

6  - Limited use of non-Fordham provided services may be used for data protected under this class. Any communication beyond that is prohibited.

7 - To protect this class of data, videoconferencing may only be used if Chat, Recording, and Transcript Generation features are disabled.

Gmail™/Contacts Account

(@fordham.edu)

Description
Gmail™ is the official email service for all Fordham University students, faculty, staff, alumni, guests, and friends. Using an AccessIT ID and password, Gmail is available through the University Portal, My Pages, or gmail.fordham.edu. Fordham offers an email encryption service to secure messages to people outside of Fordham (non-Fordham email addresses).  Email communication within the Fordham domains, fordham.edu and law.fordham.edu is automatically secured while in transit.
Google Contacts, providing organization and storage for contact information, is integrated with Gmail.
 
Links
 
Data Retention and Recoverability
Email is retained for eight years and then deleted in compliance with the Email Retention Policy. Unless otherwise required by legal counsel, you may delete messages in Gmail at any time. Otherwise, email is retained until deleted, and there is no additional backup. 
Deleted data is placed in a Google trash folder for 30 days and is then purged. You may expedite this purge by emptying the trash manually. While email is in the trash, you may recover it at any time within the 30-day period. Please reference the following Google provided documentation for instructions on deleting email and recovering it from the trash: Delete or recover deleted Gmail messages
After the message is deleted from the trash, Fordham IT may assist in recovering it if notified before 25 days has elapsed. Note: This provision does not apply to data deleted in compliance with the email retention policy. If assistance is needed, please contact IT Service Desk.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (5)
Student Loan Application Information – GLBA (4)
Personally Identifiable Information – PII (4)
Attorney-Client Privileged Information (5)
Fordham Sensitive Data (5)
 
Prohibited Data
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Text Messaging

Description
Text messages must not contain any Fordham Protected or Fordham Sensitive data. This includes the use of MMS (Multimedia Messaging Service) to send pictures or files containing Fordham Protected or Fordham Sensitive information. 
The use of text messages is only permitted to communicate Fordham-related information for which there is no expectation of privacy or confidentiality (public data). 
 
Data Retention and Recoverability
The recipient is responsible for all data retention and recovery.
 
Permitted Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA
Personal Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
 

Google Drive

Description
Google Drive is used to create, share, and store files, enabling file access from any computer. Google Drive can be accessed via drive.google.com or from Google Workspace under the My Apps menu on the Fordham website. Google Drive allows real-time collaboration and sharing of text documents, spreadsheets, presentations, forms, and storage of images, PDFs, and Microsoft Word and Excel files. 
 
Links
 
Data Retention and Recoverability
Data contained in Google Drive is manually retained. Those using Google Drive should delete documents as per the Records Retention and Disposal Policy. Google stores data until it is deleted. There are no additional backups. 
 
You may delete Google Drive files by moving them to a Google trash folder. The files are automatically deleted forever after they've been in the trash folder for 30 consecutive days. You may expedite this purge by emptying the trash manually. While a Google Drive file is in the trash, you may recover it at any time within the 30-day period. Please reference the following Google provided documentation on deleting and restoring files in Google Drive: Delete and restore files in Google Drive
 
Google allows you to delete files if they meet the following criteria:
  • You created the file.
  • You uploaded the file to Google Drive.
  • You accepted ownership of the file from someone.
After a file is deleted from the trash, Fordham IT may assist in recovering it if notified before 25 days has elapsed. If assistance is needed, please contact IT Service Desk.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (1)
Personally Identifiable Information – PII (1)
Attorney-Client Privileged Information (1)
Fordham Sensitive Data (1)
 
Prohibited Data
Student Loan Application Information - GLBA
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Core Google™ Apps: Calendar, Chat/Meet, Classroom, Docs, Groups, Jamboard, Sheets, and Sites

Description
The Core Google™ Apps provided to Fordham University students, faculty, staff, alumni, and guests include: 
  • Calendar – a time management application used to keep track of events, allows for calendar sharing with others
  • Chat/Meet – for chat and online meetings (formerly Hangouts)
  • Classroom – used by instructors to create and organize assignments, provide feedback, and communicate with students
  • Docs – a word processor for the creation of documents, allows real-time collaboration
  • Groups – creates a set of people with whom you can share Google resources, as a mailing list or for security on Google Docs, Sites, or Sheets
  • Jamboard – a collaborative, digital whiteboard
  • Sheets – for creation and update of spreadsheets, allows real-time collaboration
  • Sites – a website creation tool
 
Links
 
Data Retention and Recoverability
Data contained on Google Core Apps is manually retained. Those using Google Core Apps should delete documents as per the Records Retention and Disposal Policy. Google Docs, Sheets (for spreadsheets), and Slides (for presentations) store their documents in Google Drive. Please reference the Google Drive section for additional information regarding retention using that product. Other data stored on Google Core Apps is currently not backed up.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (1)
Personally Identifiable Information – PII (1)
Attorney-Client Privileged Information (1)
Fordham Sensitive Data (1)
 
Prohibited Data
Student Loan Application Information - GLBA
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Non-Core Google Apps (e.g., Photo, Maps, YouTube)

Description
Non-core Google Apps™ such as Photo, Maps, and YouTube, are not covered by Fordham's Google Apps for Education agreement with Google and may only be used to share or maintain data for which there is no expectation of privacy or confidentiality (public data). Any Google App not listed in Core Google Apps, as well as other Google services, extensions, or add-ons, are classified as Non-Core. 
 
Links
 
Data Retention and Recoverability
Data contained in Google Non-Core Apps is manually retained. Those using Google Non-Core Apps should delete documents as per the Records Retention and Disposal Policy. Data stored on Google Non-Core Apps is not backed up.
 
Permitted Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA
Personal Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
 

File Shares (S:\ drive) and Managed Servers

Description
Fordham provides file shares, giving individuals the option of securely storing files on a network drive from any University PC or Mac joined to Active Directory.

The Fordham shared drive allows for file collaboration between colleagues. This is labeled as the S:/ drive on Windows devices. On a Mac, this drive appears as a network drive with a volume named “Shared.”

These file shares are backed up as described below and can be restored if necessary by request. By contrast, a PC's local C:\ drive is not backed up; see the Local Drive Usage Advisory for details. Folders on these file shares can be accessed securely when off-campus via Fordham's Virtual Private Network (VPN). 

 
Data Retention and Recoverability
Data contained on file shares (S:\ drives) is manually retained. Those using file shares are responsible for deleting documents as per the Records Retention and Disposal Policy. Data stored on file shares is backed up daily with a 90-day retention period. In addition, a copy of all data is replicated hourly to the disaster recovery site in the unlikely event of a total loss of the primary data center.
 
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA
Personal Identifiable Information - PII
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Equipment (Desktop, Laptop, Tablet, Smartphone)

Description
Use of Fordham provided laptops, tablets, and smartphones (mobile devices) that access University data must comply with the following security measures:
  • All devices, where possible, must be secured using a PIN (6 digit minimum) or other password protection. 
  • All devices, where possible, must enable automatic lockout for idle devices for 5 or fewer minutes. 
  • All devices, where possible, must have remote wipe capability installed and enabled. 
  • Any lost, stolen, or compromised device must immediately be reported to the IT Service Desk at 718-817-3999. To protect the integrity and security of Fordham University data, all users of mobile devices that access University data will be subject to remote locking or data-wiping of lost, stolen, or otherwise compromised devices.
For assistance in implementing these security requirements, users should contact IT Service Desk at 718-817-3999 or HelpIT@fordham.edu.
 
Links
 
Data Retention and Recoverability
Data on equipment and not on the S:\ drive is manually retained by the individual to whom the device is allocated. Those using equipment and not using the S:\ drives should delete documents as per the Records Retention and Disposal Policy. Data stored on equipment and not on the S:\ drives is currently not backed up.
 
Permitted Data
Student Educational Records - FERPA
Personal Identifiable Information - PII
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
Student Loan Application Information – GLBA (2)
 
Prohibited Data
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Fordham-Provided Removable Media (USB thumb drive)

Description
Removable media is a component that can be inserted into and removed from a system and used to store data or information (e.g., text, video, audio, image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., CDs, DVDs, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain non-volatile memory).
Removable media may only be used in conjunction with a sanctioned encryption product to protect the data at rest. Please contact Information Security and Assurance at infosec@fordham.edu for guidance before copying any Fordham Protected or Fordham Sensitive data to a removable device.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (2)
Student Loan Application Information – GLBA (2)
Personally Identifiable Information – PII (2)
Protected Health Information - PHI/HIPAA (2)
Attorney-Client Privileged Information (2)
Fordham Sensitive Data (2)
 
Prohibited Data
Credit Card / PCI
 

Devices on PCI-Compliant Network

Description
The PCI-compliant network is a network provided by Fordham IT that is compliant with the payment card industry's Data Security Standards (DSS). The only devices that should reside on this network are those that process credit card transactions on behalf of the University. Devices on this network include but are not limited to the Aramark payment devices located in all food service areas at Rose Hill and Lincoln Center and the Ram Van ticketing machines at both Rose Hill and Lincoln Center. Any department that wishes to utilize this network will need to contact the Office of Treasury Operations at 718-817-4940 for further information.
 
 
Data Retention and Recoverability
Storage of credit card information is prohibited. Any other data contained on the PCI-compliant network is manually retained. Those utilizing the PCI-compliant network should delete documents as per the Records Retention and Disposal Policy. Data stored on the PCI-compliant network is currently not backed up.
 
Permitted Data
Student Educational Records - FERPA
Personal Identifiable Information - PII
Credit Card/PCI
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Loan Application Information - GLBA
Protected Health Information - PHI/HIPAA
Attorney-Client Privileged Information
 

Blackboard®

Description
Blackboard® is an online learning management solution. Faculty and students in on- and off-campus courses may use this application as a repository for course material, online course instruction, and sharing and storing information. 
 
Links
 
Data Retention and Recoverability
Any data contained in Blackboard is manually retained. Those utilizing Blackboard are responsible for deleting documents as per the Records Retention and Disposal Policy. Data stored on Blackboard is currently not backed up.
 
Permitted Data
Student Educational Records - FERPA
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Loan Application Information - GLBA
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
 

Zoom™

Description
Zoom™ is an application for online video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, and telephones. All active Fordham University employees and students are eligible to log in to Zoom with their Fordham credentials.
 
Links
 
Data Retention and Recoverability
Recordings stored in Zoom's cloud environment are automatically deleted after 30 days. 
 
Permitted Data
Student Educational Records - FERPA
Public Data
 
Data permitted with restrictions
Student Loan Application Information – GLBA (7)
Personal Identifiable Information – PII (7)
Protected Health Information - PHI/HIPAA (7)
Attorney-Client Privileged Information (7)
Fordham Sensitive Data (7)
 
Prohibited Data
Credit Card/PCI
 

Panopto®

Description
Panopto® is a cloud-based lecture capture service available to all Fordham University faculty, staff, and students. Panopto is used to record lectures for asynchronous viewing, while Zoom™ and Blackboard® Collaborate are used for live classes / synchronous viewing.
 
Links
 
Permitted Data
Student Educational Records - FERPA
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Loan Application Information - GLBA
Personal Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
 

OnBase® by Hyland

Description
OnBase® by Hyland, Fordham University's enterprise content management system, stores documents and data that have been captured and indexed according to individual departments' business rules, records management guidelines, and retrieval needs. 
This information is accumulated and managed as a system of record in a secure central repository where the documents can be easily retrieved via a line of business applications (e.g., Banner, PowerFAIDS®, Fordham Connect, FSA Atlas) or via the OnBase Web and Unity clients. Rules-based workflows move documents from point A to point B by placing documents in queues, thus eliminating the tedious and risky part of a process. Additionally, workflows route documents based on established process rules (rules-based routing) or based on a user decision (decision-based routing). Finally, each step in every process is tracked and scribed to the audit trail for each transaction to ensure compliance requirements and accountability.
 
OnBase provides the ability to:
  • Capture documents, including paper, electronic documents, email, system reports, e-forms
  • Manage content according to business rules
  • Store, organize and track content
  • Create workflows to deliver documents to processes as soon as they are needed
  • Preserve and protect documents in compliance with internal and external standards
 
Data Retention and Recoverability
Data contained in Hyland/OnBase is manually retained. Those using Hyland/OnBase should delete documents as per the Records Retention and Disposal Policy. We are in the process of implementing a records management module, which will manage the retention and disposition of stored documents according to predefined business rules. Data stored on Hyland/OnBase is backed up at Hyland data centers. Additionally, deleted documents are sent to a document maintenance queue and can be recovered if needed.
 
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Credit Card / PCI
 

EasyVista™

Description
EasyVista™ is an IT Service Management (ITSM) tool used at Fordham University for incident management, service request management, asset management, problem management, configuration management, and change management.
 
Data Retention and Recoverability
Those using EasyVista must adhere to the Records Retention and Disposal Policy. IT Service Desk assists with data deletion from EasyVista.
 
Permitted Data
Student Educational Records - FERPA
Public Data
 
Data permitted with restrictions
None
 
Prohibited Data
Student Loan Application Information - GLBA
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
 

MailChimp®, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)

Description
MailChimp® and Acoustic Marketing Automation (Fordham Messaging Platform / FMP) – formerly IBM Watson Marketing and SilverPop – are email marketing tools used for targeted marketing campaigns and the email distribution of newsletters and automated messages.
 
Links
 
Data Retention and Recoverability
MailChimp and Acoustic Marketing Automation data is stored and backed up by the vendor. Those downloading data from these services should delete this data as per the Records Retention and Disposal Policy.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (3)
Fordham Sensitive Data (3)
 
Prohibited Data
Student Loan Application Information - GLBA
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
 

Qualtrics®

Description
Qualtrics® is a web-based survey tool provided for free to all Fordham students, faculty, and staff.
 
Links
 
Data Retention and Recoverability
Qualtrics data is stored and backed up by the vendor. Those downloading survey results data for analysis should delete this data as per the Records Retention and Disposal Policy.
 
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA
Fordham Sensitive Data
Public Data
 
Data permitted with restrictions
none
 
Prohibited Data
Credit Card/PCI
Attorney-Client Privileged Information
 

Rackspace Technology™ Cloud Files

Description
Rackspace Technology™ Cloud Files is an online file and media storage service. 
 
Data Retention and Recoverability
Rackspace Cloud Files are stored and backed up by Rackspace. Those using Rackspace Cloud Files should delete data as per the Records Retention and Disposal Policy
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (4)
Student Loan Application Information – GLBA (4)
Personally Identifiable Information – PII (4)
Attorney-Client Privileged Information (4)
Fordham Sensitive Data (4)
 
Prohibited Data
Protected Health Information - PHI/HIPAA
Credit Card/PCI
 

Microsoft Azure™ Cloud Computing Platform

Description
The Microsoft Azure™ Cloud Computing Platform, which uses your Fordham-issued account, provides a suite of computing and storage services.
 
Links
 
Data Retention and Recoverability
Azure content is stored and backed up by Microsoft. Please contact IT Service Desk to discuss how Azure services should be set up to meet your backup and recoverability needs. Those using Microsoft Azure storage should delete data as per the Records Retention and Disposal Policy.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (4)
Student Loan Application Information – GLBA (4)
Personally Identifiable Information – PII (4)
Protected Health Information - PHI/HIPAA (4)
Attorney-Client Privileged Information (4)
Fordham Sensitive Data (4)
 
Prohibited Data
Credit Card/PCI
 

Smartsheet™

Description
Smartsheet™ has a spreadsheet-like interface used for collaboration and work management of projects, tasks, documents, and calendars.
 
Links
 
Data Retention and Recoverability
Smartsheet content is stored at Smartsheet.com, Inc. Smartsheet content is not automatically backed up at Fordham. Users of this service are responsible for data backup and data recovery. Those using Smartsheet storage should delete data as per the Records Retention and Disposal Policy. Smartsheet allows for integration with other storage platforms, including Google Drive. Please refer to the Data Retention and Recoverability and Data Classification Guidelines of all services used with Smartsheet.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Personally Identifiable Information – PII (1)
Fordham Sensitive Data (1)
 
Prohibited Data
Student Educational Records – FERPA
Student Loan Application Information – GLBA
Protected Health Information - PHI/HIPAA
Credit Card/PCI
Attorney-Client Privileged Information
 

Microsoft OneDrive™ for Business

Description
OneDrive™ is used to create, share, sync, and store files. As part of Fordham University's Office 365™ subscription, files can be saved in OneDrive and then accessed and modified from a browser or mobile device. To use Fordham OneDrive for Business or sync your files, sign in to your Fordham-issued account with your AccessIT ID.
 
Links
 
Data Retention and Recoverability
Data contained in OneDrive for Business is manually retained. Those using Fordham OneDrive for Business should delete documents as per the Records Retention and Disposal Policy. Note that Fordham Office 365 documents may be stored on OneDrive, and users are responsible for adherence to the Data Retention and Recoverability and Data Classification Guidelines covering those documents.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (1)
Student Loan Application Information – GLBA (1)
Personally Identifiable Information – PII (1)
Protected Health Information - PHI/HIPAA (1)
Attorney-Client Privileged Information (1)
Fordham Sensitive Data (1)
 
Prohibited Data
Credit Card/PCI
 

Microsoft Office 365™

Description
Office 365™ provides cloud-based versions of Microsoft productivity applications such as Word, Excel, PowerPoint, and Teams.
 
Links
 
Data Retention and Recoverability
Office 365 documents may be placed on storage platforms such as local drives, Fordham OneDrive for Business, Fordham Google Drive, Fordham File Shares (S:\ drive), and Managed Servers. Please refer to the Data Retention and Recoverability and Data Classification Guidelines for the selected storage platform.
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (1)
Student Loan Application Information – GLBA (1)
Personally Identifiable Information – PII (1)
Protected Health Information – PHI/HIPAA (1)
Attorney-Client Privileged Information (1)
Fordham Sensitive Data (1)
 
Prohibited Data
Credit Card / PCI
 

Reclaim Hosting

Description
Reclaim Hosting provides hosting for digital projects and web-based applications, including WordPress®.
 
Links
 
Data Retention and Recoverability
Reclaim hosted content is not automatically backed up at Fordham. Users of this service are responsible for data backup and data recovery. Those using Reclaim storage should delete data as per the Records Retention and Disposal Policy
 
Permitted Data
Public Data
 
Data permitted with restrictions
Student Educational Records – FERPA (1)
 
Prohibited Data
Student Loan Application Information – GLBA
Personal Identifiable Information – PII
Protected Health Information – PHI/HIPAA
Credit Card / PCI
Attorney-Client Privileged Information
Fordham Sensitive Data

 Need Help?


Walk-In Centers

McGinley 229 | RH
Lowenstein SL19A | LC

View Our Walk-In Hours