Sensitive Data: Defining and Classifying
At Ohio University, the term "sensitive data" refers to the classification of data at a medium or high level that must be protected against unauthorized disclosure. As outlined in University Policy 93.001 Data Classification, data owners must be aware of their data's sensitivity level and how to protect it.
Keeping sensitive data safe from inappropriate access and disclosure is of the utmost importance. Ohio University has policies, procedures, and standards in place to protect sensitive data. It is the responsibility of everyone handling sensitive data at Ohio University to be familiar with these policies, procedures, and standards. In addition, it's important to know what steps are needed to protect this data. For more in-depth information on identifying the sensitivity of various data types, view our Data Classification Table.
Tips for Finding Sensitive Data
Today, it's easy to store thousands of files without a second thought, and it's not uncommon to have files that go back several years. These tips can help locate sensitive information hiding among large amounts of files and file types:
- Examine spreadsheets for "hidden" columns, rows, or cells that may contain sensitive data but may not be visible on first opening of the file.
- Review potential locations for sensitive data in email, including archived messages you may have stored on your computer.
- Use a scanning tool to locate and act upon files containing sensitive information.
Properly Storing Sensitive Data
Part of being a proper data owner is storing sensitive data in secured locations. The Storing Data by Type guide identifies appropriate OIT managed solutions for storing data. Adhering to this guide is an important part of protecting University information. Keep in mind that Storing Data by Type only lists OIT managed solutions. If you store data classified as medium or high sensitivity in an IT service or tool not listed in the guide, contact Information Security to determine if it's appropriate for your data type.