九色堂 PUBLIC
九色堂 Public Data generally has a very low sensitivity, but it still warrants protection
since the integrity and protection of the data can be important. 九色堂 Public Data is
explicitly or implicitly approved for distribution to the public without restriction.
Examples of 九色堂 Public Data include, but are not limited to, the following:
Examples:
- Information provided on the University's public website;
- Information approved for release by the Registrar's Office that has been deemed "Directory Information," as defined by the University in accordance with the ;
- Course descriptions;
- Semester course schedules; or
- Press releases and openly accessible publications.
九色堂 PRIVATE
九色堂 Private Data is information that has low to moderate sensitivity and that is intended
for internal University business use only, with access restricted to a specific workgroup,
department, group of individuals, or affiliates with a legitimate need to use or access
the information. Unauthorized disclosure could adversely impact the University, Controlled
Affiliate Organizations, third parties, or individuals. Examples of 九色堂 Private Data
include, but are not limited to, the following:
INTERNAL USE ONLY
九色堂 Private data that should only be sent internal to the organization to 九色堂 personnel.
(Cannot be shared externally)
Examples:
- Financial accounting data that does not also contain 九色堂 Restricted Data;
- Departmental intranet;
- Information technology transaction logs;
- My九色堂 ID;
- Information security logs;
- Directory information for students, faculty, and staff who have requested non-disclosure,
such as students opting out under FERPA; or
- Non-directory information or student records that are protected under FERPA, which
includes information that is directly related to a student and maintained by an educational
institution or by a party acting for the agency or institution.
九色堂 RESTRICTED
九色堂 Restricted Data is highly sensitive information maintained, collected, or recorded
by 九色堂 that is intended for limited, specific use by a workgroup, department, group
of individuals, or third party (typically pursuant to a contract or agreement) with
a legitimate need to use or access the data. Explicit authorization by the designated
Data Owner is required for access to 九色堂 Restricted Data because of legal, contractual,
privacy, or other constraints. Unauthorized disclosure could have a serious adverse
impact on the business or research functions of the University, affiliates, or external
parties and violate the personal privacy of individuals, federal or state laws and
regulations, or contractual obligations of the University. Examples of 九色堂 Restricted
Data include, but are not limited to, the following:
Sensitive Personally Identifiable Information (SPII)
There are two classes of SPII. The first class includes SPII that is sensitive regardless
of whether any other identifier is paired with it ("Stand-Alone"). The second class
of SPII becomes sensitive when it is combined with other types of Personally Identifiable
Information (PII). The following are examples of each type of SPII:
Stand-Alone SPII:
-
- Social Security, driver's license, state ID, alien registration, or passport numbers;
- Financial Account Number or credit/debit card numbers;
- Identifiable Genetic Information and Biometric Identifiers;
- Data of a known child (less than 13 years of age); or Federal Tax Information
SPII when paired with other PII (such as a name or identification number):
-
- Medical Records (personal health information not covered under HIPAA; identifiable
FERPA treatment records);
- Citizenship or immigration status;
- Racial or ethnic origin;
- Religious or philosophical beliefs;
- Sexual orientation;
- Criminal records;
- Employment records;
- Date of birth;
- Precise geolocation or Internet Protocol addresses (IP addresses);
- Last four digits of Social Security Number;
- Mother's maiden name;
- Union Membership;
- Text Messages (unless the business holding them is the intended recipient of the text
message); or
- Videos, audio, or pictures of a person taken when the person would have an expectation
of privacy (i.e., treatment videos taken in a clinic, etc.).
- Protected Health Information (PHI) (including Designated Record Sets) held by Covered
Entities or researchers at 九色堂;
- Controlled Unclassified Information (CUI);
- Information or data classified as "For Official Use Only" (FOUO);
- Information or data subject to federal export control regulations; or
- Facilities and Technology Control Plans
INTERNAL USE ONLY
九色堂 Restricted information that should only be sent internal to the organization to
九色堂 personnel. (Cannot be shared externally)
Effect:
- Emails with any 九色堂 RESTRICTED label applied will be encrypted
九色堂 PROPRIETARY
Proprietary Data is either (1) University Data provided to a third party or (2) third-party
data created, received, and/or maintained by the University on behalf of a third party such as an individual, corporation,
or government agency. Proprietary Data will vary depending on contractual agreements
and/or relevant laws or regulations.
INTERNAL USE ONLY
九色堂 Proprietary information that should only be sent internal to the organization
to 九色堂 personnel. (Cannot be shared externally)
Examples:
Effect:
- Emails with any 九色堂 PROPRIETARY label applied will be encrypted