Purpose

Category F data includes data that the University is under obligation to make available to the public, and data for which there is no expectation of privacy or confidentiality. Category F data is also subject to State of Oklahoma Policy, Standards, Procedures, and Guidelines (PSPG).

Data Collection and Use

1. No protection requirements

Granting Access or Sharing

1. No protection requirements

Disclosure or Posting

1. No protection requirements

Electronic Display

1. No protection requirements

Open Records Request

1. Data can be readily provided upon request with approval from the OU Open Records Office. 

Exchanging with Third Parties, Service Providers, or Cloud Services

1. An IT Security Assessment must be scheduled with OU IT GRC before the purchase or integration of new hardware, software, or third-party technology services that collect, store, transmit, or process Category F Data. 

Storing or Processing: Server Environment

1. Servers that connect to the OU network shall comply with IT Security Policies and Standards.

Storing or Processing: Endpoint Environment (e.g., laptop, phone, desktop, tablet, etc.)

1. Endpoints that connect to the OU network shall comply with IT Security Policies and Standards.

Storing on Removable Media (e.g., USB drives, flash drives, CDs, DVDs, etc.)

1. No protection requirements

Electronic Transmission

1. No protection requirements

Email and other Messaging

1. No protection requirements

Copying and Printing

1. No protection requirements

Retention and Disposal

1. Data shall be retained in accordance with the State of Oklahoma General Records Disposition Schedule for State Universities and Colleges.  
2. Copies of records may be destroyed when they are no longer required for administrative purposes.

Revision, Review, and Approval History

• October 2023: OU IT Governance, Risk, and Compliance: Initial draft, opened for comments
• January 2024: OU IT Governance, Risk, and Compliance: Comment period closed