Data classification provides a basis for understanding and managing institutional data based on the level of criticality and required confidentiality of the data. Appropriate classification provides the basis for an appropriate and effective level of security and protection. Institutional data may be assigned to one of three classifications:

• PUBLIC - Institutional data intended for broad distribution in support of the College’s mission or freely available to any person or organization with no restrictions. Includes all institutional data whose exposure to the general public poses little or no risk to the College’s reputation, resources, services, or individuals. Some level of control is required to prevent unauthorized modification or destruction of Public Data.
• LIMITED ACCESS (INTERNAL) - Institutional data available with no restriction but whose integrity must be carefully maintained. May be accessed by eligible college employees, with no restriction, in the conduct of college business. This is the default classification for all institutional data. A reasonable level of security controls should be provided to Limited Access Data.
• RESTRICTED - Institutional data protected by state or federal privacy regulations and data considered critical to college operations. Legal, ethical, or other constraints prevent access without specific authorization. The highest level of security controls should be applied to Restricted Data. Access to Restricted Data must be controlled from creation to destruction, and will be granted only to those persons affiliated with the College who require such access in order to perform their job, or to those individuals permitted by law.