The responsibility for storing and maintaining documents and files resides with the person who stores the documents. Judgment is required about how and where campus information will be stored.
Unless specifically approved by the Information Security Office, a system may not be used to store or transmit CSU Level 1 data. This information includes any information that is governed by federal, state or local law, or regulated by industry.
Examples of CSU Level 1 data:
For a full description of all Levels of CSU Data classifications (1,2,3), please see:
- Personally Identifiable Information (SSN, account numbers, birth dates, driver’s license numbers, etc...)
- HIPAA information ( Any health related information including diagnosis, dates of service, doctor visit information, treatment information, EOBs, provider information, etc...)
- Payment Card Industry Information (Credit Card Numbers, PINs, verification codes etc.)
- Export Laws: Data subject to United States export control or trade embargo regulations.
- Campus Authentication Credentials: This would be the campus issued account and password used to access your computer and email.
If you are unsure if you are handling legal or CSU protected data, please review the CSU Data Classification Standard on our policy page and/or contact the campus Information Security Office at firstname.lastname@example.org