Policy identification number: IT-0001
File: Information Technology Policies
Classification of Data
This policy classifies the types of information used at Fort Lewis College.
Vice President, Finance & Administration
January 30, 2019
January 30, 2019
classification, data, c
Scheduled for Review
This policy applies to:
Data is classified into one of the following three categories:
II. Confidential Data
Confidential data is associated with one or more of the following nine main categories:
III. Internal Use Only Data
“Internal Use Only” Data is information that is intended for limited distribution to some or all members of the Fort Lewis College community. This information may include routine operational information, meeting minutes, internal emails, and other documents.
IV. Unrestricted Data
This type of data is intended for public distribution. It will not contain “Confidential Data” or “Internal Use Only Data” as defined earlier in this policy. Publicly posted information must not adversely impact the College, it’s students, staff or faculty, the state, or the public. Materials should be checked for accuracy and content to avoid damage to reputation and/or operational effectiveness. Unrestricted Data can include:
V. Reason for Policy
To enable the prioritization of appropriate security and handling requirements and ensure compliance with laws and regulations applicable to data privacy and usage.
For following the policy: All employees and contracted vendors
For enforcement of the policy: Information Security Officer
For oversight of the policy: Vice President for Finance & Administration
For notification of policy: Policy Librarian
Biometric data: These are identifiers derived from body characteristics, measurements and calculations that can be used to uniquely identify an individual.
Cardholder Name: This is the name of the owner of the card
CVC2 / CVV2 / CID / CVD: The 3 or 4 digit codes found on the back of the credit card.
EMV or Chip or IC: Authentication data is stored in the integrated circuit (IC) chip that is embedded in the credit card that can be used with a PIN to increase the security of a transaction.
Expiration date: The expiration date printed on the credit card data
Foreign Government Agency Issued ID Number: These include national or social identification numbers, national or social insurance numbers, or other personal identifiers that are issued by foreign government agencies.
Financial transaction device: Any instrument or device such as a credit card, banking card, debit card, electronic funds transfer or stored value card, or account number representing a financial account.
Magnetic stripe: Stores PAN, EXP date, credit limit and other highly confidential data on the credit card.
Password or passcode: A string of alpha-numeric characters that is used to prove identity or gain access to a resource
Personal Identification Number (PIN): a numeric number used in the process of authenticating or identifying an individual or entity to a system or account.
Primary Account Number (PAN): The 15 or 16-digit number found on the front of a credit card.
Security Question/Answer pairs: These are questions that are used to verify account ownership.
Social Security Number: A nine-digit number issued to U.S. citizens, permanent residents and temporary residents under section 205(c)(2) of the Social Security Act.
VIII. Cross-Referenced Policies
IX. Revision History
New policy - January 2019