University of Minnesota  Appendix

Data Security Classifications by Type


This appendix assists University community members in identifying the appropriate data security classification (Private-Highly Restricted, Private-Restricted, or Public).

Data Security Classification Examples

The following table provides examples of data by the corresponding data security classification.

Data Security Classification Examples
  • Employee data
    • Name
    • Email address
    • Employee ID number
    • Salary
    • Gross pension
    • Value and nature of fringe benefits
    • Expense reimbursements
    • Job title(s)
    • Job description
    • Education and training
    • Previous work experience
    • First and last employment
    • Existence and status of complaints
    • Terms of buy-out agreements
    • Work location
    • Work phone number
    • Badge number
    • Honors and awards received
  • Student Directory information, unless the student has requested non-disclosure (suppressed)
    • Name
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Financial data on public sponsored projects
  • Course offerings
  • Invoices and purchase orders
  • Budgets
  • Payroll timesheets
  • Employee or Student Data
    • Birth date
    • Home phone number (see Student Directory information)
    • Home address (see Student Directory information)
    • Government issued ID number (driver's license, passport)
    • UCard number (17 digit)
    • UCard iCLASS number
    • UCard Mifare number
    • Parking leases
    • Gender/sexual orientation
    • Ethnicity
    • Citizenship
    • Citizen visa code
    • Veteran and disability status
  • Student Limited Directory information
    • student address
    • student email address
    • student phone number
  • Student Directory information if student has requested non-disclosure (suppressed)
    • Name
    • Address
    • Email address
    • Telephone number
    • Dates of enrollment/registration
    • Enrollment/registration status
    • Major
    • Adviser
    • College
    • Class
    • Academic awards and honors received
    • Degree received
  • Student Non-Directory data, including
    • Grades
    • Courses taken
    • Class schedule
    • Test scores
    • Advising records
    • Educational services received
    • Disciplinary actions
    • Student ID number
    • Immunization records
    • Career services records
  • Linking a library patron’s personal identity with materials requested or borrowed by the person or with a specific subject about which the person has requested information or materials
  • Donor and gift data
  • Location of assets (e.g., specific information on where the University physically or electronically stores data, or technology that must be protected)
  • Passwords, PIN numbers, or other types of authentication (e.g., multi-factor/two-factor, biometrics)
  • Trade secrets or intellectual property
  • Sealed bids
  • Unpublished research data that have not been made public, such as de-identified data or proprietary research materials
Private-Highly Restricted
  • Social security number
  • Legal investigations conducted by the University
  • Human subjects research data or other sensitive research data
  • Medical records, protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA)
  • Payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS)
  • Bank account information for individuals
  • Financial data as defined by Gramm-Leach-Bliley Act (GLBA)

For research data, see guidance provided by Liberal Arts Technologies & Innovation Services (LATIS).