University of Minnesota  Appendix

Data Security Classifications by Type


Expand all


Table of Contents

TOC placeholder


Please use the contact section in the governing policy.


This appendix assists University community members in identifying the appropriate data security classification (Private-Highly Restricted, Private-Restricted, or Public).

Data Security Classification Examples

The following table provides examples of data by the corresponding data security classification.

Data Security ClassificationExamples
  • Employee data
    • Name
    • Email address
    • Employee ID number
    • Salary
    • Gross pension
    • Value and nature of fringe benefits
    • Expense reimbursements
    • Job title(s)
    • Job description
    • Education and training
    • Previous work experience
    • First and last employment
    • Existence and status of complaints
    • Terms of buy-out agreements
    • Work location
    • Work phone number
    • Badge number
    • Honors and awards received
  • Student Directory information, unless the student has requested non-disclosure (suppressed)
    • Name
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Financial data on public sponsored projects
  • Course offerings
  • Invoices and purchase orders
  • Budgets
  • Payroll timesheets
  • Employee or Student Data
    • Birth date
    • Home phone number (see Student Directory information)
    • Home address (see Student Directory information)
    • Government issued ID number (driver's license, passport)
    • UCard number (17 digit)
    • UCard iCLASS number
    • UCard Mifare number
    • Parking leases
    • Gender/sexual orientation
    • Ethnicity
    • Citizenship
    • Citizen visa code
    • Veteran and disability status
  • Student Limited Directory information
    • student address
    • student email address
    • student phone number
  • Student Directory information if student has requested non-disclosure (suppressed)
    • Name
    • Address
    • Email address
    • Telephone number
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Student Non-Directory data, including
    • Grades
    • Courses taken
    • Class schedule
    • Test scores
    • Advising records
    • Educational services received
    • Disciplinary actions
    • Student ID number
    • Immunization records
    • Career services records
  • Linking a library patron’s personal identity with materials requested or borrowed by the person or with a specific subject about which the person has requested information or materials
  • Donor and gift data
  • Location of assets (e.g., specific information on where the University physically or electronically stores data, or technology that must be protected)
  • Passwords, PIN numbers, or other types of authentication (e.g., multi-factor/two-factor, biometrics)
  • Trade secrets or intellectual property
  • Sealed bids
  • Unpublished research data that have not been made public, such as de-identified data or proprietary research materials
Private-Highly Restricted
  • Social security number
  • Legal investigations conducted by the University
  • Human subjects research data or other sensitive research data
  • Medical records, protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA)
  • Payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS)
  • Bank account information for individuals
  • Financial data as defined by Gramm-Leach-Bliley Act (GLBA)
  • Federal Tax Information (FTI) as defined by the Federal Department of Education

For research data, see guidance provided by Liberal Arts Technologies & Innovation Services (LATIS).