Data Classification @ MIT

This information is provisional and welcomes feedback from the community.

The act of assigning a level of sensitivity to data is called data classification. The most popular system of classification common in governmental and intelligence circles is hierarchical, and from most to least sensitive goes: Top Secret > Secret > Confidential, etc.

This is NOT the approach that MIT takes, because of context. Consider two different data elements: the Social Security Number (SSN), and primary home address.

Social Security Numbers (when present with other data such as name) are always classified as most sensitive. Faculty, employees, students, donors, and beneficiaries are all at risk if SSNs are inappropriately exposed.

Primary home address can only be classified if one knows "Whose?" address we are talking about. For students, this data is restricted (due to FERPA) and must be carefully guarded. For employees and faculty, this might be data that we consider confidential, but its disclosure probably does not put the employee at great risk, nor does it violate the terms of any Federal law, or MIT Policy, so it would receive moderate protections. On the other hand, major benefactors to the Institute who provide a variety of personal information as part of their relationship with MIT might require even more significant protection than that provided for students.

Thus MIT's data classification process - still the task of assigning levels of sensitivity - must be context sensitive in many cases, and incidents involving data in MIT's custody should be judged on a case-by-case basis.

MIT acknowledges its debt to Stanford University for its model from which the MIT Data Classification model posted below was adapted.