Data classifications

There are four classification levels of institutional data at Indiana University.

Below are examples and classifications for particular domains.

Data classifications are defined in Policy DM01: Management of Institutional Data. For general or background information, please see the Knowledge Base document: What is institutional data?

Classification examples

The following chart shows examples of how data is classified within each data domain.

This chart is merely a guide, however; if you have specific questions about data classification please contact the appropriate Data Steward. If you would like more complete information on data classification by subject domain, see the Data Classification Matrix.

Domain Critical Restricted University-Internal Public
Cross-domain identifiers SSN, passwords University ID numbers Username
Student Academic transcript, Health Information Grades, Class Schedule, Date of Birth Address, Phone Student name, Major, Degree
Human Resources I-9 Form data; Payroll direct deposit account number  Employee home address Employee offer letters, faculty tenure recommendations Employee name and compensation
Health Patient record Faculty/Staff Immunization record
Facilities Detailed floor plans showing gas, water, sprinkler shut-offs, hazardous materials Basic floor plans showing egress routes and shelter areas Campus map showing buildings, names, addresses, parking, lighted pathways, emergency phones, etc.

Listed from most sensitive to least sensitive, the university data classifications:

Thermometer
  • Critical

    Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals.

  • Restricted

    Because of legal, ethical, or other constraints, this data may not be accessed without specific authorization. Only selective access may be granted.

  • University-Internal

    This data may be accessed by eligible employees and designated appointees of the university for purposes of university business. Access restrictions should be applied accordingly.

  • Public

    Few restrictions are placed on this data, as it is generally releasable to a member of the public upon request. Upon receipt of a request, seek advice from the appropriate data steward. If the request is made in regard to the Indiana open records statute, seek advice from the Office of the VP and General Counsel, as well as the appropriate Data Steward.