How secure is your personal and UAB data? Whether you are a student, a faculty member, or a staff member, you may have access to different types of data that need to be protected from unauthorized disclosure. Key to safeguarding your data is knowing what type you have.

UAB classifies data into three levels: Public, Sensitive, and Restricted/PHI.

• Public data is information that can be freely shared with anyone, without causing any harm or violating any policies. Examples of public data are public directories, public research findings, and newsletters.
• Sensitive data is information that is confidential and should only be accessed by authorized individuals on a need-to-know basis. Unauthorized disclosure of sensitive data could cause moderate harm or inconvenience to UAB or its affiliates. Examples of sensitive data are FERPA information, patent pending information, and any data protected by law.
• Restricted/PHI data is information that is highly confidential and should be protected with the highest level of security. Unauthorized disclosure of restricted data could cause severe harm or legal consequences to UAB or its affiliates. Examples of restricted data are HIPAA information, Social Security numbers, credit card numbers, and passwords.

When it comes to storing your data, UAB has several options.

Last month, UAB IT implemented a new capability for Box users to label Public, Sensitive, and Restricted/PHI data in the cloud-based storage tool. Users wishing to store Restricted data in Box will need to fill out the risk assessment form. If you are unsure about where to store Sensitive and Restricted data, it is best to check the list of options and how to store these types on UAB IT’s guideline page.