Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

All Seattle Pacific University Institutional Data is classified into one of the four classifications or sensitivity levels described below: Restricted, Confidential, Internal, and Public.

For more detail regarding handling of Regulated Data, the Regulated Data Chart provides an overview of the types of regulated data that are permitted in various systems/platforms.


RESTRICTED
  • Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
  • Legal and/or compliance regime may require assessment or certification by an external, third party.


 See examples...
  • HIPAA protected health records
  • PCI-DSS regulated credit card information
  • FISMA protected research
CONFIDENTIAL
  • Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
  • Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential. 


 See examples...
  • Attorney client privilege records
  • Financial accounts and direct deposit information
  • Human Subject research data
  • Social Security Numbers
  • Student loan application information (GLBA)
INTERNAL
  • Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
  • May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary. 


 See examples...
  • Building plans and associated information
  • Contracts with third-party entities
  • Donor records (individual)
  • Employee records (multiple types)
  • Emergency planning information
  • Immigration documents (such as visas)
  • Intellectual or other proprietary property
  • Student education records (FERPA)
  • University non-public financial information
PUBLIC
  • Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
  • Anyone regardless of institutional affiliation can access without limitation.


 See examples...
  • Course catalogs and time schedule
  • Faculty, staff, and student directory information (unless there is a privacy block)
  • General institutional and business information not classified as RestrictedConfidential, or Internal
  • Information in the public domain
  • Public websites
  • Published research (barring other publication restrictions)
  • Research Awards
  • Research Proposals
  • No labels