Understanding Data Classification

In order to properly secure your data, you must understand its classification and appropriate options for transporting and storage.

  • NOTE: If you have any questions about the proper handling of data, please contact Information Security
  • Classification of Data Policy and Table

    Confidential Information

    Public

    Electronic Devices and

    Lehigh Hosted or Contracted Services

    Class I
    Critical
    PHI1
    Class I
    Critical
    non-PHI
    Class II
    Restricted 
    Class III
    Institutional/
    Proprietary 
    Class IV
    Public/
    Unrestricted 
    Lehigh Owned - LTS-Managed Whole Disk Encrypted Devices
    including, but not limited to:
      • Computers
      • Network-Attached Storage (NAS)
      • Externally Connected Storage Devices



    (error)



    (error)




    (tick)


    (tick)


    (tick)
    Personally Owned Computers or Storage Devices
    (error)(error)(error)(error)(tick)
    Unmanaged Devices (Lehigh Owned or Personal, e.g. mobile)
    (error)(error)(error)(error)(tick)
    Lehigh University LAN Drive (H: I: J: Drives)
    (error)(error)(tick)(tick)(tick)
    Approved Access-Controlled LAN Drive Storage*
    (error)(tick)(tick)(tick)(tick)
    Web and Storage Space
    (error)(error)(error)(tick)(tick)
    Ceph Storage with LTS Access-Control (R Drive)
    (error)(error)(tick)(tick)(tick)
    Confluence
    (error)(error)(error)(tick)(tick)
    Course Site
    (error)(error)(tick)(tick)(tick)
    DocuSign
    (warning)(warning)(tick)(tick)(tick)
    Drupal and Lehigh Hosted Webpages
    (error)(error)(error)(tick)(tick)
    Email - Lehigh Gmail
    (error)(error)(error)(tick)

    (tick)

    JIRA 
    (error)(error)(error)(tick)(tick)
    Lehigh File Sender
    (error)(tick)(tick)(tick)(tick)
    Lehigh Google Drive** (encrypted in transit and at rest)
    NOTE: Google stores data on servers located domestically and abroad.
    (error)(error)(warning)(tick)(tick)
    Lehigh Dropbox for Business3 (encrypted in transit and at rest)
    NOTE: All data is stored in the US.
    (warning)(warning)(tick)(tick)(tick)
    Personal Dropbox
    (error)(error)(error)(error)(tick)
    Lehigh Microsoft OneDrive** (encrypted in transit and at rest)
    (error)(error)(warning)(tick)(tick)
    Qualtrics
    (error)(error)(tick)(tick)(tick)
    RedCap
    (error)(warning)(tick)(tick)(tick)
    Slack
    (error)(error)(tick)(tick)(tick)
    Zoom
    (error)(error)(tick)(tick)(tick)
    Zoom - HIPAA2
    (warning)(warning)(tick)(tick)(tick)

    (tick) Acceptable  (error) Not Acceptable (warning) Some exclusions (noted below)

    *Must be approved by Information Security

    ** ITAR and Export controlled information under U.S.laws are excluded. Although ITAR and Export controlled information under U.S. laws are classified as Type II data, it cannot be stored on systems outside the US.  In addition to storage restrictions on this type of data, there are also restrictions on sharing such data with foreign nationals of restricted countries. It is up to the data owner to determine whether any export-controlled data may be shared with someone or transported to a particular country. Guidance can be found at the US Department of Commerce Control List site at: http://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl

    1 Protected Health Information (PHI)

    2 Zoom can be used for PHI or Class 1 data but you MUST have your account converted to a HIPAA compatible account and you will lose some Zoom functionality (i.e. Cloud recording, breakout rooms, etc)

    3 Dropbox for Business can be used for PHI or Class 1 data but you MUST have a team drive set up by LTS and the Class 1 data put into the C1 folder.  Do not share any files externally.


For immediate help, contact the LTS Help Desk (Hours)
EWFM Library | Call: 610-758-4357 (8-HELP) | Text: 610-616-5910 | Chat | helpdesk@lehigh.edu
Submit a help request (login required)