This appendix assists University community members in identifying the appropriate data security classification (Private-Highly Restricted, Private-Restricted, or Public).
Data Security Classification Examples
The following table provides examples of data by the corresponding data security classification.
Data Security Classification
Examples
Public
Employee data
Name
Email address
Employee ID number
Salary
Gross pension
Value and nature of fringe benefits
Expense reimbursements
Job title(s)
Job description
Education and training
Previous work experience
First and last employment
Existence and status of complaints
Terms of buy-out agreements
Work location
Work phone number
Badge number
Honors and awards received
Talent Acquisition
Job openings/postings
Job code/classification
Salary range
Student Directory information, unless the student has requested non-disclosure (suppressed)
Name
Dates of enrollment/registration
Enrollment/registration status
Major
Adviser
College
Class
Academic awards and honors received
Degree received
Financial data on public sponsored projects
Course offerings
Invoices and purchase orders
Budgets
Payroll timesheets
Private-Restricted
Employee or Student Data
Birth date
Employee personal phone number
Employee personal address
Employee ID photo
Government issued ID number (driver's license, passport)
UCard number (17 digit)
UCard iCLASS number
UCard Mifare number
Parking leases
Legal sex
Gender identity
Sexual Orientation
Pronouns
Race/Ethnicity
Citizenship
Citizen visa code
Veteran and disability status
Talent Acquisition
Job applicant data
Employee benefits (e.g. health insurance, retirement)
Employee time and absence
Performance evaluation/management data
Student Limited Directory information
Student address
Student email address
Student phone number
Student ID photo
Student Directory information if student has requested non-disclosure (suppressed)
Name
Dates of enrollment/registration
Enrollment/registration status
Major
Adviser
College
Class
Academic awards and honors received
Degree received
Student Non-Directory data, including
Personally-identifiable learning management system data (assignment grades, discussion posts, authentication data, etc.)
Grades
Courses taken
Class schedule
Test scores
Advising records
Personally-identifiable student record information and actions taken (balance owed, policy petitions, probation/suspension, service indicators, etc.)
Educational services received
Disability Resource Center services and accommodations
Disciplinary actions
Student ID number
Immunization records
Career services records
Linking a library patron’s personal identity with materials requested or borrowed by the person or with a specific subject about which the person has requested information or materials
Donor and gift data
Location of assets
Passwords, Personal Identification Numbers (PIN) numbers, or other types of authentication (e.g., API keys, multi-factor/two-factor, biometrics)
Trade secrets or intellectual property
Sealed bids
Unpublished research data that have not been made public, such as de-identified data or proprietary research materials
Private-Highly Restricted
Social security number
Legal investigations conducted by the University
Enterprise Systems authentication credentials
Human subjects research data or other sensitive research data
Medical records, protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA)
Payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS)
Bank account information for individuals
Financial data as defined by Gramm-Leach-Bliley Act (GLBA)
Federal Tax Information (FTI) as defined by the Federal Department of Education
U of M Physicians (Company UMP) private practice income for employees
Appendix