Skip to main content
Northwestern University

Sensitive Data Definitions and Policies

The University Data Access Policy states that certain data types are sensitive. Sensitive data are any data, which when compromised in "confidentiality, integrity, and/or availability, could adversely affect University interests or the privacy to which individuals are entitled."

The different categories of sensitive data are defined in the NUIT File Sharing Overview along with a comparison of which file sharing solutions are appropriate for the different categories. The two most important types of sensitive data to remember are:

Internal: Sensitive
(e.g. salary plans, employment data, budgets, donor information, IRB data, CTEC, patent information)


Legally/Contractually Restricted
(e.g. PHI, SSN, PII, student records, medical records)

Weinberg IT has developed SAFER to augment Box as a data sharing solution, such that Box can become an acceptable storage location for Internal Sensitive and Legally/Contractually restricted information. 

Sensitive and Non-Sensitive Folders

With the SAFER method, data owners (Stewards) are asked to categorize folders with information deemed sensitive separately from non-sensitive folders. SAFER tracks activities related to sensitive folders only.

Back to top