蹤獲扦 PUBLIC
蹤獲扦 Public Data generally has a very low sensitivity, but it still warrants protection
since the integrity and protection of the data can be important. 蹤獲扦 Public Data is
explicitly or implicitly approved for distribution to the public without restriction.
Examples of 蹤獲扦 Public Data include, but are not limited to, the following:
Examples:
- Information provided on the University's public website;
- Information approved for release by the Registrar's Office that has been deemed "Directory Information," as defined by the University in accordance with the ;
- Course descriptions;
- Semester course schedules; or
- Press releases and openly accessible publications.
蹤獲扦 PRIVATE
蹤獲扦 Private Data is information that has low to moderate sensitivity and that is intended
for internal University business use only, with access restricted to a specific workgroup,
department, group of individuals, or affiliates with a legitimate need to use or access
the information. Unauthorized disclosure could adversely impact the University, Controlled
Affiliate Organizations, third parties, or individuals. Examples of 蹤獲扦 Private Data
include, but are not limited to, the following:
INTERNAL USE ONLY
蹤獲扦 Private data that should only be sent internal to the organization to 蹤獲扦 personnel.
(Cannot be shared externally)
Examples:
- Financial accounting data that does not also contain 蹤獲扦 Restricted Data;
- Departmental intranet;
- Information technology transaction logs;
- My蹤獲扦 ID;
- Information security logs;
- Directory information for students, faculty, and staff who have requested non-disclosure,
such as students opting out under FERPA; or
- Non-directory information or student records that are protected under FERPA, which
includes information that is directly related to a student and maintained by an educational
institution or by a party acting for the agency or institution.
蹤獲扦 RESTRICTED
蹤獲扦 Restricted Data is highly sensitive information maintained, collected, or recorded
by 蹤獲扦 that is intended for limited, specific use by a workgroup, department, group
of individuals, or third party (typically pursuant to a contract or agreement) with
a legitimate need to use or access the data. Explicit authorization by the designated
Data Owner is required for access to 蹤獲扦 Restricted Data because of legal, contractual,
privacy, or other constraints. Unauthorized disclosure could have a serious adverse
impact on the business or research functions of the University, affiliates, or external
parties and violate the personal privacy of individuals, federal or state laws and
regulations, or contractual obligations of the University. Examples of 蹤獲扦 Restricted
Data include, but are not limited to, the following:
Sensitive Personally Identifiable Information (SPII)
There are two classes of SPII. The first class includes SPII that is sensitive regardless
of whether any other identifier is paired with it ("Stand-Alone"). The second class
of SPII becomes sensitive when it is combined with other types of Personally Identifiable
Information (PII). The following are examples of each type of SPII:
Stand-Alone SPII:
-
- Social Security, driver's license, state ID, alien registration, or passport numbers;
- Financial Account Number or credit/debit card numbers;
- Identifiable Genetic Information and Biometric Identifiers;
- Data of a known child (less than 13 years of age); or Federal Tax Information
SPII when paired with other PII (such as a name or identification number):
-
- Medical Records (personal health information not covered under HIPAA; identifiable
FERPA treatment records);
- Citizenship or immigration status;
- Racial or ethnic origin;
- Religious or philosophical beliefs;
- Sexual orientation;
- Criminal records;
- Employment records;
- Date of birth;
- Precise geolocation or Internet Protocol addresses (IP addresses);
- Last four digits of Social Security Number;
- Mother's maiden name;
- Union Membership;
- Text Messages (unless the business holding them is the intended recipient of the text
message); or
- Videos, audio, or pictures of a person taken when the person would have an expectation
of privacy (i.e., treatment videos taken in a clinic, etc.).
- Protected Health Information (PHI) (including Designated Record Sets) held by Covered
Entities or researchers at 蹤獲扦;
- Controlled Unclassified Information (CUI);
- Information or data classified as "For Official Use Only" (FOUO);
- Information or data subject to federal export control regulations; or
- Facilities and Technology Control Plans
INTERNAL USE ONLY
蹤獲扦 Restricted information that should only be sent internal to the organization to
蹤獲扦 personnel. (Cannot be shared externally)
Effect:
- Emails with any 蹤獲扦 RESTRICTED label applied will be encrypted
蹤獲扦 PROPRIETARY
Proprietary Data is either (1) University Data provided to a third party or (2) third-party
data created, received, and/or maintained by the University on behalf of a third party such as an individual, corporation,
or government agency. Proprietary Data will vary depending on contractual agreements
and/or relevant laws or regulations.
INTERNAL USE ONLY
蹤獲扦 Proprietary information that should only be sent internal to the organization
to 蹤獲扦 personnel. (Cannot be shared externally)
Examples:
Effect:
- Emails with any 蹤獲扦 PROPRIETARY label applied will be encrypted