Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

All Seattle Pacific University Institutional Data is classified into one of the four classifications or sensitivity levels described below: Restricted, Confidential, Internal, and Public. For more detail, see:

About Sensitive Data Classification

Classification levels drive required and recommended protections.
Examples of Sensitive Data by SPU Role. Data examples grouped by the SPU community members who work with them the most.
Sensitive Data Guide to IT Services. Which IT services at SPU can be used to store and share particular data types.

RESTRICTED
  • Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
  • Legal and/or compliance regime may require assessment or certification by an external, third party.


 See examples...
  • HIPAA protected health records
  • PCI-DSS regulated credit card information
  • FISMA protected research
CONFIDENTIAL
  • Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential. 


 See examples...
  • Attorney client privilege records
  • Financial accounts and direct deposit information
  • Human Subject research data
  • Social Security Numbers
  • Student loan application information (GLBA)
INTERNAL
  • Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
  • May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary. 


 See examples...
  • Building plans and associated information
  • Contracts with third-party entities
  • Donor records (individual)
  • Employee records (multiple types)
  • Emergency planning information
  • Immigration documents (such as visas)
  • Intellectual or other proprietary property
  • Student education records (FERPA)
  • University non-public financial information
PUBLIC
  • Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
  • Anyone regardless of institutional affiliation can access without limitation.


 See examples...
  • Course catalogs and time schedule
  • Faculty, staff, and student directory information (unless there is a privacy block)
  • General institutional and business information not classified as RestrictedConfidential, or Internal
  • Information in the public domain
  • Public websites
  • Published research (barring other publication restrictions)
  • Research Awards
  • Research Proposals
  • No labels