Information Technology & Innovation : Security

Data Classification

Information, which by law is confidential, must be protected from unauthorized access or modification. Data, which is essential to critical functions, must be protected from loss, contamination, or destruction.

Data Classification is the process of grouping data elements together by risk level. WCSU has identified four Data Classification Levels (DCL) from 0 to 3. Appropriate security controls will be applied to each classification level. Increasingly restrictive data management and security practices are required for each level, with DCL 0 requiring limited protection to DCL3 (formerly referred to as Class A Data) requiring the most protection.

Data Classification

Data Classification Level (DCL)

Description

Examples

3

DCL3

(Protected Confidential)

Level 3 is protected confidential data, which comprises identity and financial data that, if improperly disclosed, could be used for identity theft or to cause financial harm to an individual or WCSU.
Security at this level is very high (highest possible).
 Identity Data with:

  • Social Security number
  • Bank account or debit card information
  • Credit card number & cardholder information
  • Student Loan Data

2

DCL2

(Restricted)

Level 2 is restricted data that is available for disclosure, but only under strictly controlled circumstances.
Such information must typically be restricted due to proprietary, ethical or privacy considerations.
An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information.
Security at this level is high.
Identity Data with:

  • Birth date
  • Mother’s maiden name
  • Academic records (e.g. Grades, Test scores, Courses taken, etc.)
  • Student Records (e.g. Advising records, Disciplinary actions)
  • Employee Records

1
DCL1
(Internal)

Level 1 is internal data that has not been approved for general circulation outside WCSU where its disclosure would inconvenience WCSU, but is unlikely to result in financial loss or serious damage to credibility.
Security at this level is controlled but normal.
  • Internal memos
  • Minutes of meetings
  • Internal project reports

 

0
DCL0
(Public)

Level 0 is public data that has been explicitly approved for distribution to the public. Disclosure of public data requires no authorization and may be freely disseminated without potential harm to WCSU.
Security at this level is minimal.
  • Advertising
  • Public Directory Information
  • Press Releases
  • Job postings
  • Campus Maps
  • WestConn Account (Windows Account)