Skip to main content
Santa Clara University
Information Services

Sample List of Level 1 Data

  1. Home
  2. Information Services
  3. Technology Policies, Procedures, and Standards
  4. Data Classification Standard
  5. Sample List of Level 1 Data

Revised: 07/08/13

This document provides an expanded list of representative examples of data classified as Level One data. This list is provided to help stewards, users, managers, and information service providers with a method for evaluating the level of protection required for their systems.

NOTE: Social Security Numbers may be stored on only authorized systems, such as the payroll system. They are released only as required by law; for example, to the IRS for tax purposes.

This list is not all-inclusive and it does not cover the release of information.

Patient Medical/Health Information (HIPAA)

The following information is confidential:

  • Social security number
  • Patient names, street address, city, county, zip code, telephone / fax numbers
  • Dates (except year) related to an individual, account / medical record numbers, health plan beneficiary numbers
  • Personal vehicle information
  • Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers and full face images
  • Any other unique identifying number, characteristic, or code
  • Payment Guarantor’s information
  • Health status and provision of health care

Student Records (FERPA)

The following information is confidential. This applies to both enrolled and prospective student data.

  • Social security number
  • Grades (including test scores, assignments, and class grades)
  • Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers

Note that for enrolled students, the following data may ordinarily be revealed by the university without student consent unless the student designates otherwise:

  • Name, directory address and phone number, mailing address, secondary mailing or permanent address, residence assignment and room or apartment number, campus office address (for graduate students)
  • Electronic mail address
  • Specific semesters of registration at SCU; SCU degree(s) awarded and date(s); major(s), minor(s), and field(s); university degree honors
  • Institution attended immediately prior to SCU
  • ID card photographs for course instructor use

Donor/Alumni Information

The following information is confidential:

  • Social security number
  • Name
  • Personal financial information
  • Family information
  • Medical information
  • Credit card numbers, bank account numbers, amount / what donated
  • Telephone / fax numbers, e-mail, URLs

Research Information (Granting Agency Agreements, Other . . .)

The following information is confidential:

  • Human subject information
  • Sensitive research data

Employee Information

The following employee information is confidential:

  • Social security number
  • Personal financial information, including non-UT income level and sources
  • Insurance benefit information
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers

Family information, home address, and home phone number may be revealed unless restricted by the employee.

Business/Vendor Data (Gramm-Leach-Bliley Act, Non-Disclosure Agreement)

The following information is confidential:

  • Vendor social security number
  • Credit card information
  • Contract information (between SCU and a third party)
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers
  • Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses

Other Institutional Data (Gramm-Leach-Bliley Act, Other Considerations)

The following information is confidential:

  • Information pertaining to the University Development Office
  • Financial records
  • Contracts
  • Physical plant detail
  • Credit card numbers
  • Certain management information
  • Critical infrastructure detail
  • User account passwords

Payment Card Industry Data Security Standard

The following information is confidential:

  • Social security number
  • Name
  • Address
  • Credit card numbers, bank account numbers
  • Telephone / fax numbers, e-mail

Portions adapted with permission from Stanford University and Boise State University