At UAB, information is classified in three different ways — public, which needs no extra protection; sensitive, which should be kept confidential; and restricted/PHI, which requires strict protocols and is often governed by law or contract.

Think of it this way:

Public data is green for go ahead and share.

Sensitive data is yellow for go slowly and take extra precaution.

Restricted/PHI is red for stop — take stock of what it is and where you should store it.

Not only does knowing your data help protect it, it helps when you are seeking approval for a new technology tool for research or academics.

Examples of each type of data include:

• Public: Course catalogs, public research findings, enrollment figures, press releases and newsletters.
• Sensitive: FERPA information, budgetary plans, proprietary business plans, patent pending information and export controls information.
• Restricted/PHI: Social Security numbers, credit card numbers, personally identifiable information, protected health information, GLBA data, export controlled data, FISMA regulated data, login credentials, and information protected by non-disclosure agreements.

UAB IT also has guidelines for where you can store each type of data.