...
Remember that all University owned devices (laptops and desktops) are now required to be encrypted. Personal machines that have been authorized by the department Chair for UT business and contain sensitive, university data, must also be encrypted.
Data Classification
Category-I Data
University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; Sarbanes-Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Business Procedure Memoranda; specific donor or employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to university contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.) are also included:
A few examples include:
- Employee Information (e.g. Social Security Number)
- Student data (e.g. grades, test scores, assignments)
- Donor/Alumni Information (e.g. name, email, amount donated)
(see extended list of Category I data classification examples)
Category-II Data
University data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, date of birth, salary, etc.) Such data must be appropriately protected to ensure a controlled and lawful release.
Category-III Data
University data that are not otherwise identified as Category-I or Category-II data (e.g., publicly available). Such data have no requirement for confidentiality, integrity, or availability
Click Here for additional information on the data classification standards and storing sensitive, UT data.