Data classification establishes a framework to allow OSU to comply with federal and state laws, regulations, and policies associated with information security, and to protect the confidentiality, integrity, and availability of university data. University data is classified into three categories: Confidential Information, Sensitive Information, and Unrestricted Information.
Confidential information is the most restrictive information classification. This classification pertains to information that could have serious negative consequences to the university or individuals if compromised or disclosed to those lacking appropriate approvals for access. Examples of this classification of information are as follow:
Sensitive Information is data that is commonly used to conduct OSU business, which by its nature or regulation, may have legal and/or generally expected obligations for non-disclosure outside of authorized individuals. Examples of sensitive information are:
Unrestricted Information is data intended for appropriate general use within the university: