Data is another term for the information we use while at work – the information that is entrusted to our care with the expectation that we will provide safeguards that are consistent with law, policy and industry practice. Whether you are in a staff, administrator, information technology, researcher or faculty role, we all work with data in some capacity or another.
It is important that we all practice responsible data stewardship. Protecting information begins at the individual employee level, regardless of your role at the University. Whether information is collected on paper or through an electronic medium, each one of us must apply best practices to our daily functions. While information technology staff can apply a certain level of safeguards to our electronic environment, human nature also plays a role in protecting the information that is entrusted to our care. Data breaches can cause significant harm to students, employees and stakeholders of Penn State so we must all embrace responsible data stewardship by knowing how to categorize and safeguard data, where data is permitted to be stored and when it needs to be destroyed.
To learn more about this effort, speak with your unit’s data categorization liaison team.
Why is Data Categorization critical to Penn State?
Since Penn State has legal obligations to protect and classify sensitive data (for example, Social Security and credit card numbers), the Data Categorization effort will help prevent compromises that could lead to legal action, loss of the University’s reputation, or even loss of accreditation. Most federal agencies no longer accept grant applications from institutions that don’t securely classify their data—due to laws such as FERPA, HIPAA, and GLBA—the Data Categorization initiative is vital for all staff and faculty who apply for grants to conduct research at Penn State.
There are also University policies and guidelines that employees are required to adhere to, including University Policy AD71 Data Categorization, ADG07 Data Categorization Examples, ADG02 Computer Security and AD35 University Archives and Records Management. Policy interpretation for University Policy AD71 is available at this location.