Purpose
Category F data includes data that the University is under obligation to make available to the public, and data for which there is no expectation of privacy or confidentiality. Category F data is also subject to State of Oklahoma Policy, Standards, Procedures, and Guidelines (PSPG).
Data Collection and Use
- No protection requirements
Granting Access or Sharing
- No protection requirements
Disclosure or Posting
- No protection requirements
Electronic Display
- No protection requirements
Open Records Request
- Data can be readily provided upon request with approval from the OU Open Records Office.
Exchanging with Third Parties, Service Providers, or Cloud Services
- An IT Security Assessment must be scheduled with OU IT GRC before the purchase or integration of new hardware, software, or third-party technology services that collect, store, transmit, or process Category F Data.
Storing or Processing: Server Environment
- Servers that connect to the OU network shall comply with IT Security Policies and Standards.
Storing or Processing: Endpoint Environment (e.g., laptop, phone, desktop, tablet, etc.)
- Endpoints that connect to the OU network shall comply with IT Security Policies and Standards.
Storing on Removable Media (e.g., USB drives, flash drives, CDs, DVDs, etc.)
- No protection requirements
Electronic Transmission
- No protection requirements
Email and other Messaging
- No protection requirements
Copying and Printing
- No protection requirements
Retention and Disposal
- Data shall be retained in accordance with the State of Oklahoma General Records Disposition Schedule for State Universities and Colleges.
- Copies of records may be destroyed when they are no longer required for administrative purposes.
Revision, Review, and Approval History
- October 2023: OU IT Governance, Risk, and Compliance: Initial draft, opened for comments
- January 2024: OU IT Governance, Risk, and Compliance: Comment period closed