You are here

Data Classifications

Effective Dates and Issuing Authority

Effective Date:   January 30, 2014
Date Last Reviewed:  August 22, 2019
Date Scheduled for Review:  August 22, 2021
Issuing Authority:   Chief Information Security Officer

Data Classification Descriptions

 

Data Classification

 

Description

Confidential

 

Confidential Data refers to data whose unauthorized disclosure may have a serious adverse effect on the university’s reputation, resources, services or individuals. Data protected under international, federal or state regulations or data subject to proprietary, ethical, or privacy considerations will typically be classified as confidential.

Sensitive

Sensitive Data - Yellow Icon 

Sensitive Data refers to data whose unauthorized disclosure may have a moderate adverse effect on the university’s reputation, resources, services or individuals. This is the default classification category and should be assumed when there is no information indicating that data should be classified as public or confidential.  

Public

Public Data - Green Icon

Public Data refers to data whose disclosure to the general public poses little or no risk to the university’s reputation, resources, services or individuals

Data Classification Examples

 

Data Classification

 

Examples

Confidential

 

► Non-Public Personal Information (NPI) – Under the Gramm-Leach-Bliley Act, personally identifiable financial information provided by a consumer or information that results from, or information otherwise obtained by the university in order to provide a financial product or service from or through the university.

► Protected Health Information (PHI)– Information requiring special protections to ensure it is not disclosed to anyone who is unauthorized under the Health Insurance Portability and Accountability Act.

► Regulatory Protected Information – data that is protected by federal, state or local law and includes, but is not limited to PHI, NPI, and funded research.

► Personally Identifiable Information (PII) – An individual’s first name or first initial and last name plus one or more of the following data elements: (1) Social Security number; (2) driver’s license number or federal/state issued ID card number; (3) account numbers, credit card numbers or debit card numbers combined with any security code, access code, PIN or password needed to access an account

► Social Security numbers must not be used as a primary identifier for Temple-related individuals, except when required by law.

► Individual states have issued more stringent rules past the definition of PII. The following are examples of confidential data beyond the PII definition:

• National identification number

• Birth date or place (when used in conjunction with other personal information)

• Taxpayer Identification number

• Government Passports

• Personal bank account information

• Credit or debit card information

• Medical records

• Disciplinary records

• Student financial records

Sensitive

Sensitive Data - Yellow Icon 

► All data not defined as Public or Confidential Data.  This data may be accessed by anyone employed or working under contract for the university, in the conduct of bona fide university business with proper authorization. 

► Education Records - any record stored or maintained by the university or an agent of the university, as defined in Temple’s Policy Regarding Confidentiality of Student Records (policy 03.20.11).  

► The following are examples of sensitive data:

• Exams or exam results

• Home or emergency contact information

• Certificate/license numbers

• Payroll records

• Background check verification

• Vehicle identification numbers 

• Full face photographic and comparable images

• Class lists

• Final grades

• Disciplinary records

• Student financial records

Public

Public Data - Green Icon

► Directory Information - Items considered directory information are listed in Temple’s Policy Regarding Confidentiality of Student Records (policy 03.20.11). 

► Information that is publicly available and which, if altered or destroyed, would result in little or no risk to the university and its affiliates. The following are examples of publicly available data:

• Temple University Fact Book

• Press releases

• Course information

• Job descriptions

• Marketing materials intended for the general public

Data Classification Elements

 

Data Classification

 

Elements

Confidential

 

• Donor Information – Any personal information included with the donation amount - [Unless approved otherwise by the donor]

• Health Information: Fax Numbers, Email Address, Dates relating to the individual, Medical Record Numbers, Health Plan Beneficiary Numbers, Health Information - Account Numbers, Certificate/License Numbers, Device identifiers, URLs, IP Addresses, Health Information - Biometric Identifiers, Any other unique identifier, Telephone numbers, Names, Geographic information smaller than a state or province, Student Disability

• Social Security Number

• Driver's License Number

• Passport number

• Visa number

• State Identification Card Number

• Certificate/License number

• Credit Card number

• Debit Card Number

• Bank Account Number or other financial account numbers (includes Student Financial Loans) [In combination w/personally identifiable information, access accounts or password]

• Student Judicial and/or Disciplinary records

• Passwords, passphrases, PIN numbers, security codes, access codes

• System Logs

Sensitive

Sensitive Data - Yellow Icon 

• Full Face Photographic Images

• Payroll information (e.g. W2, taxes, deductions, etc.)

• Date of Birth/Age

• Last 4 digits of Social Security Number

• Final Student Grades

• Library Circulation Records

• Exams

• Donor Information – Names, addresses and other personal information [No donation amount]

• Progress Grades, Test Scores

• Gender

• Emergency Contact

• Home Mailing Address

• Phone

• Ethnicity

• Military Status

• Veteran Status

• Citizenship

• Visa status

• Country of birth or citizenship

• Work Authorization (I-9)

• Job action reason (e.g. terminations or leave)

• Benefits enrollment info

• Marital Status

• Compensation

• Background Check Verification

• Previous work experience

• Education and Training Background

• Course Class lists

• Dates of first and last employment

• Salary Grade

Public

Public Data - Green Icon

• AccessNet Username

• PCN Number

• TUid

• Names (First, Last, Preferred)

• Job Title

• Job Description

• University Address

• University Telephone Numbers

• Faculty/Staff/Administrator Email Address [Available via Directory]

• Press Releases

• Course Information

• Student Email Address

• Affiliation

• Department

Data Storage Classifications

 

Data Classification

 

Approved Storage and Cloud Service

Confidential, Sensitive and Public Data

 Sensitive Data - Yellow Icon Public Data - Green Icon

• Temple University Storage (TUCloud/TUVault/Departmental Shares)
[With encryption or on Temple HIPAA environment]

•  Banner Document Management (Xtender)
[Cannot be used to store Data Elements classified as Health Information.]

•  TUsafesend.temple.edu (Secure Data Transport)

Sensitive and Public Data

Sensitive Data - Yellow Icon Public Data - Green Icon

• OWLbox (Temple’s Enterprise Managed Accounts)

• GMAIL (Google Email)  — Using Encrypted Files, e.g. PGP, WinZip, 7zip

• University Exchange Mail  — Using Encrypted Files, e.g. PGP, WinZip, 7zip

• Google Docs/Google Drive — Using Encrypted Files, e.g. PGP, WinZip, 7zip

Public Data

Public Data - Green Icon

• BOX.COM

• DROPBOX

• EVERNOTE

• GMAIL (Google Email)/University Exchange Mail

• Google Docs/Google Drive

• iCloud

• OneDrive

• Adobe Creative Cloud

• SyncWorks

• Workstation (Desktop, Laptop, Tablet)