The Princeton University Information Security Policy provides a framework to protect University records and information. The confidentiality requirement for an information collection will be expressed in the following terms:

• “Public” - Information can be freely shared with individuals on or off campus without any further authorization by the appropriate Information Guardian/designee.
• “Internal” - Information can be freely shared with members of the University community. Sharing such information with individuals outside of the University community requires authorization by the appropriate Information Guardian/designee.
• “Departmental” - Information can be freely shared with members of the owning department. Sharing such information with individuals outside of the owning department requires authorization by the appropriate Information Guardian/designee.
• “Confidential” - Information can only be shared on a “need to know” basis with individuals who have been authorized by the appropriate Information Guardian/designee, either by job function or by name.
• “Highly confidential” - Information can only be shared on a “need to know” basis with a limited number of individuals who have been identified by the appropriate Information Guardian/ designee.

For more on information security and classification, please see Princeton's Protect Our Info website.