Classifications of Institutional Data
This document describes the four classification levels of institutional data at Indiana University, and provides a list of data elements at that level. For general or background information, please see the Knowledge Base document: What is institutional data?
From most sensitive to least sensitive, the university data classifications are:
| Critical | Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals. |
|---|---|
| Limited access/restricted | Because of legal, ethical, or other constraints, may not be accessed without specific authorization, or only selective access may be granted. |
| University-internal | May be accessed by eligible agents[1] of the university, in the conduct of university business; access restrictions should be applied accordingly. |
| Public | Few restrictions; generally releasable to a member of the public upon request; upon receipt of a request, seek advice from the appropriate data steward; if the request is made pursuant to the Indiana open records statute, seek advice from the Office of the VP and General Counsel, as well as the appropriate data steward. |
Note:
This list is a work-in-progress and should not yet be considered comprehensive at this time. For questions regarding the classification of data elements not listed below, please contact the appropriate data steward.
| Data Element | Classification |
|---|---|
| Foundation Donor Information - all data in Donor Database (Trade Secret) |  Critical |
| Health Information - Fax Numbers | Critical |
| Health Information - Email Address | Critical |
| Health Information - Dates relating to the Individual | Critical |
| Health Information - Medical Record Numbers | Critical |
| Health Information - Health Plan Beneficiary Numbers | Critical |
| Health Information - Account Numbers | Critical |
| Health Information - Certificate/License Numbers | Critical |
| Health Information - Device Identifiers | Critical |
| Health Information - URLs, IP Addresses | Critical |
| Health Information - Biometric Identifiers | Critical |
| Health Information - Full face photographic images | Critical |
| Health Information - any other unique identifier | Critical |
| Health Information - Telephone numbers | Critical |
| Health Information - Names | Critical |
| Social Security number | Critical |
| Driver's License number | Critical |
| Passport number | Critical |
| Visa number | Critical |
| State Identification Card Number | Critical |
| Certificate/License number | Critical |
| Credit Card number | Critical |
| Debit Card Number | Critical |
| Bank Account Number or other financial account numbers | Critical |
| Student Loan Information | Critical |
| Student Loan Information - Account Numbers | Critical |
| Student Loan Information - Credit Information including Credit Scores | Critical |
| Passwords, passphrases, PIN numbers, security codes, access codes | Critical |
| Health Information | Critical |
| Health Information - geographic information smaller than a state | Critical |
| Date of Birth/Age |  Limited access |
| Gender | Limited access |
| Emergency contact | Limited access |
| Home Mailing Address | Limited access |
| Home Phone | Limited access |
| Ethnicity | Limited access |
| Military Status | Limited access |
| Veteran Status | Limited access |
| Citizenship | Limited access |
| Visa status | Limited access |
| Country of birth or citizenship | Limited access |
| Work Authorization (I-9) | Limited access |
| Job action reason (e.g. terminations or leave) | Limited access |
| Benefits enrollment info | Limited access |
| Payroll information (e.g. taxes, deductions, etc.) | Limited access |
| Marital Status | Limited access |
| Examples: IU University ID, Preferred Name/Prior Name, Position Information, Part-time/full time indicator |  University-internal |
| Dates of first and last employment |  Public |
| Name | Public |
| Compensation | Public |
| Job Title | Public |
| Job Description | Public |
| Business Address | Public |
| Business Telephone Number | Public |
| Previous work experience | Public |
| Education & Training Background | Public |
Footnotes
- An eligible agent of Indiana University is anyone employed on a part-time or full-time basis or working under a contract for Indiana University.
- Individually identifiable health information includes information relating to past, present, or future conditions, provisions of health care, and payment for the provisions of health care.
- Personal Network ID passphrases should never be shared with anyone.
