This appendix assists University community members in identifying the appropriate data security classification (Private-Highly Restricted, Private-Restricted, or Public).
Data Security Classification Examples
The following table provides examples of data by the corresponding data security classification.
Data Security Classification
Examples
Public
Employee data
Name
Email address
Employee ID number
Salary
Gross pension
Value and nature of fringe benefits
Expense reimbursements
Job title(s)
Job description
Education and training
Previous work experience
First and last employment
Existence and status of complaints
Terms of buy-out agreements
Work location
Work phone number
Badge number
Honors and awards received
Student Directory information, unless the student has requested non-disclosure (suppressed)
Name
Dates of enrollment/registration
Enrollment/registration status
Major
Adviser
College
Class
Academic awards and honors received
Degree received
Financial data on public sponsored projects
Course offerings
Invoices and purchase orders
Budgets
Payroll timesheets
Private-Restricted
Employee or Student Data
Birth date
Home phone number (see Student Directory information)
Home address (see Student Directory information)
Government issued ID number (driver's license, passport)
UCard number (17 digit)
UCard iCLASS number
UCard Mifare number
Parking leases
Gender/sexual orientation
Ethnicity
Citizenship
Citizen visa code
Veteran and disability status
Student Limited Directory information
student address
student email address
student phone number
Student Directory information if student has requested non-disclosure (suppressed)
Name
Address
Email address
Telephone number
Dates of enrollment/registration
Enrollment/registration status
Major
Adviser
College
Class
Academic awards and honors received
Degree received
Student Non-Directory data, including
Grades
Courses taken
Class schedule
Test scores
Advising records
Educational services received
Disciplinary actions
Student ID number
Immunization records
Career services records
Linking a library patron’s personal identity with materials requested or borrowed by the person or with a specific subject about which the person has requested information or materials
Donor and gift data
Location of assets (e.g., specific information on where the University physically or electronically stores data, or technology that must be protected)
Passwords, PIN numbers, or other types of authentication (e.g., multi-factor/two-factor, biometrics)
Trade secrets or intellectual property
Sealed bids
Unpublished research data that have not been made public, such as de-identified data or proprietary research materials
Private-Highly Restricted
Social security number
Legal investigations conducted by the University
Human subjects research data or other sensitive research data
Medical records, protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA)
Payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS)
Bank account information for individuals
Financial data as defined by Gramm-Leach-Bliley Act (GLBA)
Federal Tax Information (FTI) as defined by the Federal Department of Education
Appendix