Printed on: 12/13/2018. Please go to http://policy.umn.edu for the most current version of the Policy or related document.
Appendix

Data Security Classifications by Type

Appendix to Policy

Overview

This appendix assists University community members in identifying the appropriate data security classification (Private-Highly Restricted, Private-Restricted, or Public).

Data Security Classification Examples

The following table provides examples of data by the corresponding data security classification.

Data Security ClassificationExamples
Public
  • Employee data
    • Name
    • Email address
    • Employee ID number
    • Salary
    • Gross pension
    • Value and nature of fringe benefits
    • Expense reimbursements
    • Job title(s)
    • Job description
    • Education and training
    • Previous work experience
    • First and last employment
    • Existence and status of complaints
    • Terms of buy-out agreements
    • Work location
    • Work phone number
    • Badge number
    • Honors and awards received
  • Student Directory information, unless the student has requested non-disclosure (suppressed)
    • Name
    • Address
    • Email address
    • Telephone number
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Financial data on public sponsored projects
  • Course offerings
  • Invoices and purchase orders
  • Budgets
  • Payroll timesheets
Private-Restricted
  • Employee or Student Data
    • Birth date
    • Home phone number (see Student Directory information)
    • Home address (see Student Directory information)
    • Government issued ID number (driver's license, passport)
    • UCard number (17 digit)
    • UCard iCLASS number
    • UCard Mifare number
    • Parking leases
    • Gender/sexual orientation
    • Ethnicity
    • Citizenship
    • Citizen visa code
    • Veteran and disability status
  • Student Directory information if student has requested non-disclosure (suppressed)
    • Name
    • Address
    • Email address
    • Telephone number
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Student Non-Directory data, including
    • Grades
    • Courses taken
    • Class schedule
    • Test scores
    • Advising records
    • Educational services received
    • Disciplinary actions
    • Student ID number
    • Immunization records
    • Career services records
  • Linking a library patron’s personal identity with materials requested or borrowed by the person or with a specific subject about which the person has requested information or materials
  • Donor and gift data
  • Location of assets (e.g., specific information on where the University physically or electronically stores data, or technology that must be protected)
  • Passwords, PIN numbers, or other types of authentication (e.g., multi-factor/two-factor, biometrics)
  • Trade secrets or intellectual property
  • Sealed bids
  • Unpublished research data that have not been made public, such as de-identified data or proprietary research materials
Private-Highly Restricted
  • Social security number
  • Legal investigations conducted by the University
  • Human subjects research data or other sensitive research data
  • Medical records, protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA)
  • Payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS)
  • Bank account information for individuals
  • Financial data as defined by Gramm-Leach Biley Act (GLBA)

For research data, see guidance provided by Liberal Arts Technologies & Innovation Services (LATIS).

Document Feedback