You May Not Know You Have Sensitive Data... and That Could Be a Big Problem

Data protection key on a keyboard

You May Not Know You Have Sensitive Data... and That Could Be a Big Problem

Data Classification at UC Davis

Practicing good cybersecurity is essential to protecting the UC’s mission to provide world-class teaching, research, and public service. There are many ways we do this here at UC Davis, but one big piece of the cybersecurity puzzle is data classification. After all, you can’t protect what you don’t know you have!

Four Protection Levels for UC data

University data is classified into one of four categories, known as Protection Levels or P levels and availability levels. In this article, we are focusing on P Levels, but you can click here to learn more about availability levels or watch the short video below for a brief overview. 

 

Each P Level has different impacts if the data falls into the wrong hands. A couple of examples for each protection level are below.

Zippered mouth smiley face graphic
P4 - High Protection Level: 

Financial records & social security numbers & sensitive identifiable research data

P3 Protection Level Graphic
P3 - Moderate Protection Level: 

IT Security information & attorney-client privileged information

P2 Low Protection Level Graphic
P2 - Low Protection Level: 

Building plans & public research data

P1 Low Protection Level Graphic
P1- Minimal Protection Level: 

Hours of operation & course catalogs

UC's Security Standard for Everyone and All Devices

Regardless of the type of data you are responsible for, there are steps everyone at UC Davis can take to protect themselves and the university. The University of California Office of the President (UCOP) put together a list of minimum security standards designed to protect UC's institutional information and IT resources, its workforce, partners, consultants, and suppliers. Here are the top five on the UCOP list: 

  1. Anti-malware
  2. Approval and inventory
  3. Backup and recovery
  4. Encryption
  5. Encrypt portable media 

Click here to explore the other seven standards on the UCOP security control and practices list. 

You can also learn more about data Protection Levels on IET's Data Classification webpage and in the UC IS-3 Electronic Information Security policy.