You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 10
Next »
All Seattle Pacific University Institutional Data is classified into one of the four classifications or sensitivity levels described below: Restricted, Confidential, Internal, and Public.
For more detail regarding handling of Regulated Data, the Regulated Data Chart provides an overview of the types of regulated data that are permitted in various systems/platforms.
- Disclosure could cause severe harm to individuals and/or the university, including exposure to criminal and civil liability.
- Has the most stringent legal or regulatory requirements and requires the most prescriptive security controls.
- Legal and/or compliance regime may require assessment or certification by an external, third party.
See examples...
Examples include, but are not limited to:
- HIPAA protected health records
- PCI-DSS regulated credit card information
- FISMA protected research
- Disclosure could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability.
- Usually subject to legal and regulatory requirements due to data that are individually identifiable, highly sensitive and/or confidential.
See examples...
Examples include, but are not limited to:
- Attorney client privilege records
- Financial accounts and direct deposit information
- Human Subject research data
- Social Security Numbers
- Student loan application information (GLBA)
- Passport, visa, and alien registration numbers
- Taxpayer and employer identification numbers
- Health insurance identification numbers
- Disclosure could cause limited harm to individuals and/or the university with some risk of civil liability.
- May be subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary.
See examples...
Examples include, but are not limited to:
- Research data or results prior to publication or the filing of a patent application
- Building plans, real-estate transactions, and associated information
- Threat assessments and preparedness strategies
- Contracts with third-party entities
- Donor records (individual)
- Employee records (multiple types)
- Emergency planning information
- Immigration documents (such as visas)
- Intellectual or other proprietary property
- Student education records (FERPA)
- University non-public financial information
- Encompasses public information and data for which disclosure poses little to no risk to individuals or the university.
- Anyone regardless of institutional affiliation can access without limitation.
See examples...
Examples include, but are not limited to:
- Course catalogs and time schedule
- Faculty, staff, and student directory information (unless there is a privacy block)
- General institutional and business information not classified as Restricted, Confidential, or Internal
- Information in the public domain
- Public websites
- Published research (barring other publication restrictions)
- Research Awards
- Research Proposals