Now, more than ever, we share information and use data daily in our personal and professional lives. There are certain types of information that are regulated and must be handled appropriately when shared with others not only to ensure compliance with legislation, but also to minimize the risk of the information being viewed inappropriately and to help protect the privacy of individuals. To help Clark employees handle specific types of information, the university has a Data Classification Policy that defines three types of data (confidential, restricted, public) and details how we can use and share those types of data. In addition to the policy, there is a one page reference sheet that provides examples and guidelines for managing different types of data. Reading the policy and following the reference sheet will help you manage the information we’ve all been entrusted to protect. 

If our ability to protect certain information is compromised, Clark must provide notice to individuals impacted as well as state or federal authorities. Spirion is installed on Clark-managed computers. It can identify where sensitive information lives on your computer and in your email. Information on how to use it can be found online. If Spirion identifies confidential or restricted information that is no longer needed, then it should be deleted. 

In addition to defining how we must manage Clark data, these documents also provide good guidelines for how we can manage our own personal data. For example, you should never email highly confidential information like a social security or credit card number. Email you send with this information usually lives in your sent items for a long time, serves no useful purpose living there, and creates risk around a compromise. If an email account is compromised, cybercriminals will first download all email in the account to mine for information later. If you do have this information in your mailbox, we recommend you delete those messages.