This document describes the four classification levels of institutional data at Indiana University, and provides a list of data elements at that level. For general or background information, please see the Knowledge Base document: What is institutional data?
- Public data
- University-internal data
- Limited access/restricted data
- Critical data
Note: the comprehensive list of public, university-internal, and restricted data will be added to this list in the future.
Critical data
Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals.
- Social Security number
- Credit card numbers
- Debit card numbers
- Bank account/financial account number
- Driver's license number
- State ID card number
- Student loan information
- Foundation donor data
- Protected health information
- Individually identifiable health information1
- Passphrases/passwords, PINs, and security/access codes2
Usually, a critical information element needs to be accompanied by an individual's name in order to result in harm due to inappropriate handling, but not always. If enough information is included to be able to identify someone, it may still be a red hot situation!
Footnotes
- Individually identifiable health information includes information relating to past, present, or future conditions, provisions of health care, and payment for the provisions of health care.
- Personal Network ID passphrases should never be shared with anyone.
