Confidentiality Requirements & Access

From the Princeton University Information Security Policy (http://www.princeton.edu/oit/it-policies/it-security-policy) The confidentiality requirement for an information collection will be expressed in the following terms:

  • “Public” information can be freely shared with individuals on or off campus without any further authorization by the appropriate Information Guardian/designee.
  • “Internal” information can be freely shared with members of the University community. Sharing such information with individuals outside of the University community requires authorization by the appropriate Information Guardian/designee.
  • “Departmental” information can be freely shared with members of the owning department. Sharing such information with individuals outside of the owning department requires authorization by the appropriate Information Guardian/designee.
  • “Confidential” information can only be shared on a “need to know” basis with individuals who have been authorized by the appropriate Information Guardian/designee, either by job function or by name.
  • “Highly confidential” information can only be shared on a “need to know” basis with a limited number of individuals who have been identified by the appropriate Information Guardian/ designee.