Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

All Seattle Pacific University Institutional Data is classified into one of the four classifications or sensitivity levels described below: Restricted, High, Moderate, and Low. For more detail, see:

  • About Sensitive Data Classification. Classification levels drive required and recommended protections.
    Examples of Sensitive Data by U-M Role. Data examples grouped by the U-M community members who work with them the most.
    Sensitive Data Guide to IT Services. Which IT services at U-M can be used to store and share particular data types.
RESTRICTED
  • Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
  • Legal and/or compliance regime may require assessment or certification by an external, third party.


 See examples...
  • HIPAA protected health records
  • PCI-DSS regulated credit card information
  • FISMA protected research
HIGH
  • Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential. 


 See examples...
  • Attorney client privilege records
  • Financial accounts and direct deposit information
  • Human Subject research data
  • Social Security Numbers
  • Student loan application information (GLBA)
MODERATE
  • Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
  • May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary. 


 See examples...
  • Building plans and associated information
  • Contracts with third-party entities
  • Donor records (individual)
  • Employee records (multiple types)
  • Emergency planning information
  • Immigration documents (such as visas)
  • Intellectual or other proprietary property
  • Student education records (FERPA)
  • University non-public financial information
LOW
  • Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
  • Anyone regardless of institutional affiliation can access without limitation.


 See examples...
  • Course catalogs and time schedule
  • Faculty, staff, and student directory information (unless there is a privacy block)
  • General institutional and business information not classified as RestrictedHigh, or Moderate
  • Information in the public domain
  • Public websites
  • Published research (barring other publication restrictions)
  • Research Awards
  • Research Proposals
  • No labels