Data Security

Understanding Security Levels

Middlebury uses a Data Classification Policy (DCP) to help identify and protect our data. There are three categories:

Highly Sensitive Data

Data with privacy and security requirements that exceed Middlebury’s normal security standards. This may include research-related restricted data sets and legal documents.

Sensitive Data

Data regulated by state or federal law or contractual obligation. This includes information like social security numbers, academic transcripts, and health records.

Private Data

Data not regulated by law, but that could result in civil action or reputation damage to Middlebury if inappropriately accessed. This data includes things like faculty manuscripts, budget information, and account credentials.

Public Data

All other data. This is information such as business addresses, marketing materials, or public websites.

Knowing what type of data you’re accessing and handling helps you make the appropriate decisions when it comes to sharing, storing, and transmitting. Check the Data Classification Policy to determine the appropriate security level any time you are unsure, or if you are handling a new type of data. Your department also has a Data Steward (usually the department head) who is responsible for protecting and managing access to the data handled in your area.

Choosing How to Store and Transmit Data

This table can help you decide what service you should use based on the data security class.

Contact us if you’re ever unsure about what services to use while handling data.