Know Your Data

Traci Farrell's picture

Data powers our work in healthcare, research, education, and administration. In short, our data is everything to our mission.

Our data landscape is vast – we generate and work with many types of data – and we shouldn’t handle it all the same way. Just like you share some information on Facebook and keep other information private, UCSF has different categories of information that require different protection levels.

With data breaches happening every day it’s more important than ever to own your responsibility for using and protecting our data properly.

UCSF Data Classification Standard

Our Data Classification Standard is the guide we use to classify and determine protection levels for all data owned and managed by UCSF in compliance with UCOP policy. Please review the UCSF standard for a comprehensive list of data types, policy and legal requirements, access levels, and adverse business impacts.

UCOP Data Protection Levels

UCSF Minimum Security Standards apply for all data. Additional security controls are required for data at higher protection levels. Some examples include:

Review UCOP Policy BFB-IS-3: Electronic Information Security to learn what security controls are required for each protection level.

Working with UCSF research data

Restricted data, such as protected health information (PHI), and sensitive data, such as deidentified health information, require extra protection. These resources are designed to make data access and policy compliance easy and seamless.

Securing your data and devices

It is your responsibility to properly access, store, transmit, and physically secure any UCSF data you work with. Make sure your devices meet UCSF's minimum security standards.