91¶ÌÊÓƵ

skip to content

Sensitive Information

Sensitive Information - Any data, electronic or physical copy, of which the compromise with respect to confidentiality, integrity, and/or availability could have a material adverse effect on 91¶ÌÊÓƵ interests, the conduct of University programs or the privacy to which individuals are entitled.  Examples of such data would include that data protected by the Government Records Access and Management Act (GRAMA), Family Education Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA) or other laws governing the use of data or data that has been deemed by the University as requiring protective measures.

Private Information or Sensitive Information can be broken into three categories:

High-Risk – Data that could be used to steal an individual's identity or cause harm to the individual, and for which there are legal requirements or industry standards prohibiting or imposing financial penalties for unauthorized disclosure. Data covered by Gramm-Leach Bliley Act and Payment Card Industry are in this class.

Restricted – Information assets for which there are legal requirements prohibiting or imposing financial penalties for unauthorized disclosure. Data covered by federal and state legislation, such as Family Educational Rights and Privacy Act , Health Insurance Portability and Accountability Act , Government Records Access and Management Act , or the Data Protection Act, are in this class.

Confidential – Data that the University has determined should be protected because it may expose the University to loss if disclosed, but is not protected by federal or state legislation. For example, a user ID in combination with a password is considered to be confidential.


To learn about how to protect sensitive information, go to our Protecting Sensitive Data page.

Examples

This list is not exhaustive and should only be used as a reference for purposes of data protection. Data protection is the implementation of administrative, technical or physical measures to guard against the unauthorized access to data.

Employee Information

  • Social security number
  • Birthdate/place
  • Home phone number
  • Home address
  • Health records
  • Passwords
  • Gender
  • Ethnicity
  • Citizenship
  • Citizen visa code
  • Veteran and disability status

Non-directory Student Information

May not be released except under certain prescribed conditions. Non-releasable information includes:

  • Social security number
  • Student ID
  • Courses taken
  • Number of course units enrolled
  • Schedule
  • Last school attended
  • Test scores
  • Advising records
  • Educational services received
  • Disciplinary actions
  • Student e-mail
  • Grades and/or grade point average

Medical and Research Information

  • Name
  • All geographic subdivisions smaller than a state (street address, city, county, precinct) Note: zip code or equivalents must be removed, but can retain first three digits if the geographic unit to which the zip code applies if the zip code area contains more than 20,000 people.
  • For dates directly related to the individual, all elements of dates, except year (date of birth, admission date, discharge date, date of death).
  • All ages over 89 or dates indicating such an age, except that you may have an aggregate category of individuals 90 and older.
  • Telephone number
  • Fax number
  • Email address
  • Social security number
  • Medical record number
  • Health plan number
  • Account numbers
  • Certificate or license numbers
  • Vehicle identification/serial numbers, including license plate numbers
  • Device identification/serial numbers
  • Universal resource locators
  • Internet protocol addresses
  • Biometric identifiers
  • Full face photographs and comparable images
  • Any other unique identifying number, characteristic or code

Financial Information

Any information obtained during the offering or delivery of a financial product or service that is identifiable to an individual such as:

  • Name
  • Address
  • Phone number
  • Account balances
  • ACH numbers
  • Bank account numbers
  • Credit card numbers
  • Credit rating
  • Location of birth
  • Driver's license information
  • Income history
  • Payment history
  • Tax return information

Any information obtained during the processing of a credit card payment transaction that identifies individual consumers and their purchases, such as:

  • Account number
  • Expiration date
  • Name
  • Address
  • Social security number

Other Information

  • Legal investigations conducted by the University
  • Sealed bids
  • Trade secrets or intellectual property such as research activities
  • Location of assets
  • Linking a person with the specific subject about which the library user has requested information or materials.