Revised: 07/08/13
This document provides an expanded list of representative examples of data classified as Level One data. This list is provided to help stewards, users, managers, and information service providers with a method for evaluating the level of protection required for their systems.
NOTE: Social Security Numbers may be stored on only authorized systems, such as the payroll system. They are released only as required by law; for example, to the IRS for tax purposes.
This list is not all-inclusive and it does not cover the release of information.
Patient Medical/Health Information (HIPAA)
The following information is confidential:
- Social security number
- Patient names, street address, city, county, zip code, telephone / fax numbers
- Dates (except year) related to an individual, account / medical record numbers, health plan beneficiary numbers
- Personal vehicle information
- Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers and full face images
- Any other unique identifying number, characteristic, or code
- Payment Guarantor’s information
- Health status and provision of health care
Student Records (FERPA)
The following information is confidential. This applies to both enrolled and prospective student data.
- Social security number
- Grades (including test scores, assignments, and class grades)
- Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
Note that for enrolled students, the following data may ordinarily be revealed by the university without student consent unless the student designates otherwise:
- Name, directory address and phone number, mailing address, secondary mailing or permanent address, residence assignment and room or apartment number, campus office address (for graduate students)
- Electronic mail address
- Specific semesters of registration at SCU; SCU degree(s) awarded and date(s); major(s), minor(s), and field(s); university degree honors
- Institution attended immediately prior to SCU
- ID card photographs for course instructor use
Donor/Alumni Information
The following information is confidential:
- Social security number
- Name
- Personal financial information
- Family information
- Medical information
- Credit card numbers, bank account numbers, amount / what donated
- Telephone / fax numbers, e-mail, URLs
Research Information (Granting Agency Agreements, Other . . .)
The following information is confidential:
- Human subject information
- Sensitive research data
Employee Information
The following employee information is confidential:
- Social security number
- Personal financial information, including non-UT income level and sources
- Insurance benefit information
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
Family information, home address, and home phone number may be revealed unless restricted by the employee.
Business/Vendor Data (Gramm-Leach-Bliley Act, Non-Disclosure Agreement)
The following information is confidential:
- Vendor social security number
- Credit card information
- Contract information (between SCU and a third party)
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
- Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
Other Institutional Data (Gramm-Leach-Bliley Act, Other Considerations)
The following information is confidential:
- Information pertaining to the University Development Office
- Financial records
- Contracts
- Physical plant detail
- Credit card numbers
- Certain management information
- Critical infrastructure detail
- User account passwords
Payment Card Industry Data Security Standard
The following information is confidential:
- Social security number
- Name
- Address
- Credit card numbers, bank account numbers
- Telephone / fax numbers, e-mail
Portions adapted with permission from Stanford University and Boise State University