Step 2
Institutional Data Types
2.1 Understanding the legal and regulatory landscape.
An important consideration when safeguarding the privacy and security of data held by an institution (and by outside parties on its behalf) is complying with applicable federal, state, and international laws and regulations related to the privacy and security of that data, as well as any contractual protection obligations that may exist. Specific security controls are often legally prescribed for various data types, and these must be taken into consideration when developing a protection plan.
- UWG Info: FERPA - Registrar's Office
- UWG Info: HIPAA/PHI - Health Services
- USG/BOR Business Procedures Manual: 12.5 Privacy and Security
- UWG IT Security Plan: Section III Relevance Laws and Institutional Security Policies and Standards
- UWG Policy: Draft PCI Policy
2.2 Classification System
- UWG IT Security Plan: Information Handling Standards
- USG/BOR Business Procedures Manual: 12.3 Data Classification
2.3 Schema
Using the schema, a classification is assigned to institutional data to the extent possible or necessary. Assignment involves review and subsequent documentation of data types and their information sensitivity classification.
