Data Security
Learn about the different types of data you may encounter at Middlebury and how you should store and send them.
Understanding Security Levels
Middlebury uses a Data Classification Policy (DCP) to help identify and protect our data. There are three categories:
- Highly Sensitive Data
- Data with privacy and security requirements that exceed Middlebury’s normal security standards. This may include research-related restricted data sets and legal documents.
- Sensitive Data
- Data regulated by state or federal law or contractual obligation. This includes information like social security numbers, academic transcripts, and health records.
- Private Data
- Data not regulated by law, but that could result in civil action or reputation damage to Middlebury if inappropriately accessed. This data includes things like faculty manuscripts, budget information, and account credentials.
- Public Data
- All other data. This is information such as business addresses, marketing materials, or public websites.
Knowing what type of data you’re accessing and handling helps you make the appropriate decisions when it comes to sharing, storing, and transmitting. Check the Data Classification Policy to determine the appropriate security level any time you are unsure, or if you are handling a new type of data. Your department also has a Data Steward (usually the department head) who is responsible for protecting and managing access to the data handled in your area.
Choosing How to Store and Transmit Data
This table can help you decide what service you should use based on the data security class.
Security Classification | Sharing | Storing |
---|---|---|
Public Data | Any | Any |
Private Data | Middfiles/MIISfiles, Microsoft OneDrive | Middfiles/MIISfiles, Microsoft OneDrive |
Sensitive Data | Contact us | Contact us |
Highly Sensitive Data | Contact us | Contact us |
Contact us if you’re ever unsure about what services to use while handling data.