"All Data is Not Created Equal..."
When it comes to the security of information, there is no "one size fits all" protection. Different types of data should be secured in different ways. Imagine if your work or school e-mail address was subject to the same security requirements as your social security number. It would be incredibly difficult for people to contact you, even for legitimate business.
The act of classifying data, contrary to what we might have seen on the silver screen, simply means putting the data into a category based on its sensitivity. The following questions must be answered for successful classification:
Different systems are used at the University, across the Commonwealth of Virginia, throughout our nation, and around the globe. The classification of data always originates from the owner. In essence, data owned by the United States federal government must use the classification scheme relevant there. Data held by the University must use our classification processes, which generally work in tandem with those of the Commonwealth of Virginia.
Once you have determined who owns particular data, you may use this online tool to help you determine the data category, and obtain general information on how the data is handled. Please note that this tool is for informational purposes only. It is not intended to replace official policies, laws, or to provide legal advice.