Data Classification & Handling

---

The Information and Data we process on a day to day basis at WNCC varies in it's contents and purpose. As a result, the way we treat and handle this information and data relies on said content and purpose. The more sensitive the information, the more carefully we need to handle said data. Below is a chart outlining our Data Classification & Handling Guidelines:

Level 1

Public: Low risk if revealed to the public at large. Includes but not limited to:

• Newsletters
• Staff directory
• Course catalogs
• Annual reports

Level 2

Sensitive Information: Moderate risk of financial loss, public distrust, and legal issues if this data is compromised/released. Includes but not limited to:

• Security system information (Physical and System wide)
• College financial data
• Audit reports
• Email addresses that aren’t public record

Level 3

Confidential Information: Significant risk of financial loss, public distrust, and legal issues if this data is compromised/released. Includes but not limited to:

• PII (Personally Identifiable Information)
  • Examples – full name, maiden name
• Passwords or PINs
• HIPAA (Health Insurance Portability and Accountability Act)
• ePHI (electronic Protected Health Information)
• FERPA (Family Educational Rights and Privacy Act)
• GLBA (Gramm-Leach-Bliley Act)
• PCI-DSS (Payment Card Industry – Data Security Standard)

- Your WNCC IT Team