Versions Compared

Old Version 10

changes.mady.by.user Micah Schaafsma

Saved on

compared with

New Version Current

changes.mady.by.user Micah Schaafsma

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
bgColor#F9F9F9
borderWidth0
titleBGColor#f44336
titleRESTRICTED
Disclosure

Data are classified as restricted if:

Anchor
restricted
restricted

  • disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
  • Legal
  • the University is required to self-report to the government or the public notice if the data is inappropriately accessed or handled
  • legal and/or compliance regime may require assessment or certification by an external, third party.
  • loss of confidentiality, integrity or availability of the data has a significant risk to the University's reputation, finances, life and safety of the community, or increases security risk of other systems and data


Expand
titleSee examples...

 Examples include, but are not limited to:

  • HIPAA protected health records
  • PCI-DSS regulated credit card information
  • FISMA protected research
  • Usernames and passwords



Disclosure
Panel
bgColor#F9F9F9
borderWidth0
titleBGColor#f57c00
titleCONFIDENTIAL

Data are classified as confidential if:

Anchor
confidential
confidential

  • disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Usually the data is subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential
  • loss of confidentiality, integrity or availability of the data has a moderate risk to the University's mission, reputation and/or finances
  • exposure poses low risk to life and safety


Expand
titleSee examples...

Examples include, but are not limited to:

  • Attorney client privilege records
  • Financial accounts and direct deposit information
  • Human Subject research data
  • Social Security Numbers
  • Student loan application information (GLBA)
  • Passport, visa, and alien registration numbers
  • Taxpayer and employer identification numbers
  • Health insurance identification numbers


...

Panel
bgColor#F9F9F9
borderWidth0
titleBGColor#ffc107
titleINTERNAL

Data are classified as internal if:

Anchor
internal
internal

  • Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
  • May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary. 
  • loss of confidentiality, integrity or availability of the data has a little risk to the University's mission, reputation and/or finances
  • exposure poses no risk to life and safety


Expand
titleSee examples...

 Examples include, but are not limited to:

  • Student education records (FERPA)
  • Student ID Number
  • Research data or results prior to publication or the filing of a patent application
  • Building plans, real-estate transactions, and associated information
  • Threat assessments and preparedness strategies
  • Contracts with third-party entities
  • Donor records (individual)
  • Employee records (multiple types)
  • Emergency planning information
  • Immigration documents (such as visas)
  • Intellectual or other proprietary propertyStudent education records (FERPA)
  • University non-public financial information


...

  • Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
    • Anyone regardless of institutional affiliation can access without limitation.
    Panel
    bgColor#F9F9F9
    borderWidth0
    titleBGColor#4caf50
    titlePUBLIC

    Data are classified as public if:

    Anchor
    public25
    public25

    • data is intended for public release
    • loss of confidentiality, integrity or availability of the data has a no risk to the University's mission, reputation and/or finances
    • exposure poses no risk to life and safety


    Expand
    titleSee examples...

     Examples include, but are not limited to:

    • Course catalogs and time schedule
    • Faculty, staff, and student directory information (unless there is a privacy block)
    • General institutional and business information not classified as RestrictedConfidential, or Internal
    • Information in the public domain
    • Public websites
    • Published research (barring other publication restrictions)
    • Research Awards
    • Research Proposals


    ...