Explore UAB

Colleges & Schools

News Information Technology

Help protect UAB: Keep track of your data type

Knowing your data is the first step to protecting it — and protecting UAB.

UAB’s data classification system defines three levels of data types. When you properly store your data, UAB’s security experts can better manage, handle, and protect your assets. UAB IT is adding features, such as document labeling, to help you better keep track of your data.

“It’s important to know what type of data you’re handling,” said Cindy Jones, executive director for information security. “When everything is stored properly have a clear picture of what we have and can focus on the protection of our assets.”

UAB classifies data in three ways – public, sensitive and restricted.

Public data is information that can be disclosed to the public without harm. This could be a phone director, public websites, and even newsletters. Items falling under the public category can be stored on thumb drives, your email account, or in the cloud.

If you’re handling sensitive data, keep in mind that it should be kept confidential, with access requiring authorization or legitimate need-to-know involvement. Budgetary plans, FERPA information, and patent pending plans all fall under the sensitive label. When storing these assets, they will need to be password protected. Users cannot store sensitive data in their personal accounts.

Restricted/PHI data is sensitive data that is highly confidential in nature and carries significant risk from unauthorized access. Privacy and security controls are typically required by law or contract for this data. Your Social Security number, credit card information, and HIPAA information are all a part of the restricted data environment. This information can only be stored in certain areas, and users will need to fill out the risk assessment form.

Files that are stored in Box can be labeled according to the type of data it contains. Box users have a similar option, with color coordinated shields to help aid your labeling.

“This new feature was implemented to help strengthen our security and allows our users to implement their own guidelines for sharing and storing files,” Jones said.  

UAB is in the process of rolling out data classification labels for the Microsoft environment as well.