Data Classification, Confidentiality, Retention and Disposal
ITS department will maintain the confidentiality of the data in their systems and data files.
Qatar University may forward users’ data and information to legal authorities based on formal and legal requests issued by formal authorities.
This policy is pursuant to the Standard Data Classification Levels (refer to “S.G.1 – Data Classification & Ownership” standard.
The following guidelines are defined by confidentiality level.
DC3 – QU Strictly Confidential
- Highly sensitive information should be strictly controlled, granted limited access and disclosure within the QU campus.
- Only QU employees and staff who have authorisation from the relevant information owner, and have a signed confidentiality agreement can access this type of information.
- In certain cases a Witten approval might be needed to handle this type of information depending on the data owner and department director.
DC2 – QU Confidential / Restricted
- Only QU employees and staff who have a legitimate business and operational need may have access to this type of information.
- Disclosure of this type of information requires the approval of the data owner.
DC1 – QU Internal
- Only QU employees and staff should have access to internal departmental information.
- Employees may share internal information with others based upon University business and operational needs.
DC0 – QU Public
- Public information is intended for general disclosure. There is no requirement for confidentiality controls.
Guidelines on the handling of confidential and restricted information at Qatar University include:
- Do not discuss or display QU confidential information in an environment where it may be viewed by unauthorised persons.
- Do not leave keys or access badges for rooms or file cabinets containing such confidential information in areas accessible to all.
- Do not send confidential information via instant message or unsecured file transfer unless it is encrypted.
- Store electronic media (including backups) containing such information in a secure location. If this media contains QU confidential information, encrypt it, inventory it and review the inventory periodically. ITS department has standard methods for data encryption (contact helpdesk).
- When printing, photocopying or faxing QU hard copy information, ensure that only an authorised person will be able to obtain the output.
The following guidelines are required when using, transmitting or storing sensitive information and are recommended for internal QU information:
- Do not send this information to a domain other than “qu.edu.qa” via email unless it is encrypted.
- Paper documents should be stored in a locked area to prevent unauthorized access.
University information records should be properly disposed with the assistance of ITS department, which will assist in appropriately destroying the media holding this information and will take special care not to wipe out needed information.