- home
- About
- District Board of Trustees
- policies
- 6Hx-18-6.02
Palm Beach State College Board Policy
Title: Data Classification and Handling Policy
Policy Number: 6Hx-18-6.02
Legal Authority: F.S. 1001.64; F.S. 1001.65; FS 501.171
Date Adopted/Amended: Adopted 7/11/2017
Purpose
To provide the basis for protecting the confidentiality, integrity and availability of data at Palm Beach State College by establishing a data classification system and program. Additional standards and procedures will specify handling requirements for data based on their classification.
Scope
This policy applies to all departments, data processing platforms and systems owned, leased or managed by the College or by third party providers.
Policy Statement
All data at Palm Beach State College shall be assigned one of the following classifications.
1. Restricted: Data in any format collected, developed, maintained or managed by or on behalf of the college, or within the scope of college activities that are subject to specific protections under federal or state law or regulations or under applicable contracts. Restricted information must be limited to only: a) authorized employees, b) contractors, and c) business partners with a specific business need. Examples include, but are not limited to, non-directory student records, healthcare records, social security numbers, credit card numbers, Florida driver licenses and operational and security control technical data.
2. Internal Use: Data originated or owned by Palm Beach State College or entrusted to it by others. Internal Use data may be shared with authorized employees, contractors, and business partners who have a business need, but may not be released to the general public, due to the negative impact it might have on the college’s business interests. Data should be classified as Internal Use when the unauthorized disclosure, alternation or destruction of that data would impair the functions of the college, cause significant financial or reputational loss or lead to possible legal liability. Examples include, but are not limited to, financial information, strategy documents and information used to secure the college’s physical or information environment.
3. Public: Data that does not fall into any of the other data classifications. This data may be made generally available without specific data owner, designee or delegate approval. Examples include, but are not limited to, advertisements, job opening announcements, college catalogs, district board of trustee policies, faculty publication titles and press releases.
- Data owners are responsible for appropriately classifying data and ensuring applicable standards, procedures and guidelines are established.
- Data stewards are responsible for identifying and labeling data with the appropriate classification and applying required and recommended safeguards.
- Data users are responsible for complying with data use requirements.
- Data users are responsible for referring requests for public records to General Counsel.
References
- Florida Statutes: www.flsenate.gov/statutes/
- Palm Beach State College DBOT Policies: https://www.pbsc.edu/about/district-board-of-trustees/policies/index.php
- State Administrative Rules: www.flrules.org/gateway/ChapterHome.asp?Chapter=6A-14