Sensitive data

Other pages on this site with related information:

Data classifications

All data at Stanford is classified as either low, moderate, or high risk.

  • Low: Data that is not moderate or high risk and is intended for public disclosure or whose loss of confidentiality, integrity, or availabilty would have no adverse impact on Stanford's mission, safety, finances, or reputation. This includes but is not limited to research data, SUNet IDs, and other information in the public domain.
  • Moderate: Data that is not high risk and is not generally available to thie public or whose loss of confidentiality, integrity, or availabilty could have a mildly adverse impact adverse on Stanford's mission, safety, finances, or reputation. This includes but is not limited to unpublished research data, student records and applications, personnel files, non-public policies and contracts, and PTA numbers.
  • High: Data that is protected by law/regulation, that when inappropriately accessed Stanford is required to self-report to the government and/or provide notice to the individual regarding when it has been inappropriately accessed, or whose loss of confidentiality, integrity, or availabilty could have a significantly adverse impact adverse on Stanford's mission, safety, finances, or reputation. This includes but is not limited to health information, social security numbers, credit card and financial information, passport and visa numbers, and driver's license numbers.

Detailed descriptions and explanations of these data classifications can be found on University IT's web site.

Options for secure storage and backup

Note: In May 2015, the data classifications above were announced and the old classifications will be phased out by January 2016. Details regarding secure storage and backup have not yet been updated to reflect the new classifications. The information below will be updated once the information from ITS has been udpated. 

  1. Secure AFS (Andrew File System): This AFS-based storage service allows for the storage of public, confidential, restricted, and prohibited data, and includes both storage and nightly backups. Standard AFS space allows for storage of public and confidential data only.
  2. Secure IGFS (Individual & Group File Storage): Similar to the normal IGFS service, but allows for storage of public, confidential, and restricted data (but not prohibited data). Backups are available. Standard IGFS space allows for storage of public and confidential data only.
  3. Online Archive Storage: Allows for storage of public, confidential, and restricted data (but not prohibited data).

The Information Security Office has a nice chart of services that shows which ones can be used for which categories of data.