Know Your Data
Data powers our work in healthcare, research, education, and administration. In short, our data is everything to our mission.
Our data landscape is vast – we generate and work with many types of data – and we shouldn’t handle it all the same way. Just like you share some information on Facebook and keep other information private, UCSF has different categories of information that require different protection levels.
With data breaches happening every day it’s more important than ever to own your responsibility for using and protecting our data properly.
UCSF Data Classification Standard
Our Data Classification Standard is the guide we use to classify and determine protection levels for all data owned and managed by UCSF in compliance with UCOP policy. Please review the UCSF standard for a comprehensive list of data types, policy and legal requirements, access levels, and adverse business impacts.
UCSF Minimum Security Standards apply for all data. Additional security controls are required for data at higher protection levels. Some examples include:
- Electronic media containing Protection Level 2 or higher data must be disposed of properly in compliance with the UC Institutional Information Disposal Standard.
- Applications you develop or purchase that store, process, or transmit Protection Level 3 or Level 4 data must complete a risk assessment.
Review UCOP Policy BFB-IS-3: Electronic Information Security to learn what security controls are required for each protection level.
Working with UCSF research data
Restricted data, such as protected health information (PHI), and sensitive data, such as deidentified health information, require extra protection. These resources are designed to make data access and policy compliance easy and seamless.
- Data resources for research
- Clinical data request process and policies
- Data deidentification validation service
Securing your data and devices
It is your responsibility to properly access, store, transmit, and physically secure any UCSF data you work with. Make sure your devices meet UCSF's minimum security standards.