All District Data must be classified according to the Data Classification Schema below and protected according to applicable Data Security Standards. This policy applies to data in all formats or media.
Data and information assets are classified according to the risks associated with data being stored or processed. Data with the highest risk need the greatest level of protection to prevent compromise; data with lower risk require proportionately less protection. Three levels of data classification will be used to classify District Data based on how the data are used, its sensitivity to unauthorized disclosure, and requirements imposed by external agencies.
Data are typically stored in aggregate form in databases, tables, or files. In most data collections, highly sensitive data elements are not segregated from less sensitive data elements. For example, a student information system will contain a student's directory information as well as more sensitive information such as the student’s birth-date and home address. Consequently, the classification of the most sensitive element in a data collection will determine the data classification of the entire collection.
For a more comprehensive list of examples, please refer to Appendix II.