Search Target

What is Confidential/Restricted Information?


Data and data types are classified by their use and sensitivity.  Categories are Public, Internal, Sensitive, and Restricted.

  1. Public: Data is considered "public" when it has been specifically classified for public release  (e.g. sports scores, public events information, announcements, faculty expertise, student accomplishments*, aggregate data prepared for release)
  2. Internal: Data is considered "internal" when its unauthorized disclosure, alteration or deletion represents minimal risk to the University.  Public information subject to established University protocol for release (e.g. budget information, reports and data.)
  3. Sensitive: Data is considered "sensitive" when its unauthorized disclosure, alteration or deletion represents moderate risk to the University.  Generally, sensitive data is not used outside of Binghamton University or the SUNY community.  
  4. Restricted:  Data is considered "restricted" when its unauthorized disclosure, alteration or deletion represents significant risk to the University. This data includes and is not limited to that protected by federal and/or state regulation, university policy and confidentiality agreements.  Note: Student directory information is restricted if directory exclusion is requested by the student. 

It is the responsibility of all University employees to respect the highest level of privacy for their colleagues and other members of the University community. Disclosure and discussion of information obtained from University records, either during or after employment with the University, is not permissible unless such disclosure is a normal requirement of an employee's position or has been so authorized. 

Examples of Restricted Data

The following data elements require the highest level of protection. Generally this will include any data that can be tied directly to an individual and that, by itself or coupled with other data, could put that individual's identity, financial well-being or reputation at risk.  This list may expand and is not comprehensive. 

SSN and Other Personally Identifiable Information

Name (First name or initial and Last name), when stored or displayed with one or more of the other listed data elements

  • Social Security Number
  • Driver's license number
  • State identification card number
  • Financial account numbers such as credit, debit, or bank account numbers
  • Passport number
  • Alien registration number
  • Health insurance identification number

Credit Card Information

  • Primary Account Number (when stored with any other information below)
  • Cardholder Name
  • Service Code
  • Expiration Date

(Individual) Student University Records

  • Grades/Transcripts/Test scores
  • Courses taken/Schedule
  • Advising records
  • Educational services received
  • Disciplinary actions
  • Student Financial Aid, Grants, and Loans
  • Financial account and payment information including billing statements, bank account and credit card information
  • Admissions and recruiting information including test scores, high school grade point average, high school class rank, etc.
  • Student Personnel records - Refer to the University's FERPA policy for additional information.

Personal Health Information

  • Information that identifies the individual, or could reasonably be used to identify the individual, including, but not limited to name, addresses, telephone/fax number, medical record number, telephone number, birthday, admission/discharge date, vehicle ID and serial number, device IDs and serial number, certificate/license numbers, biometric identifiers, full-face images, other unique identifying number/characteristic/code.
  • Information about the patient's past, present or future physical or mental health or condition
  • Information relating to the provision of, or payment for, health care

Financial Data

  • Employee financial account information
  • Student financial account information – aid/grants/bills (covered under FERPA)
  • Individual financial information
  • Business partner and vendor financial account information
(with thanks to UConn Info Security Office)

What Documents may contain this information?

Time records

Travel requests and supporting documentation

Old student schedule cards

Grade reports

Petition requests

Declaration of candidacy for degree forms

Old student general purpose student class lists (green bar)

 

Data that is regulated by Federal or State laws including but not limited to:

Last Updated: 2/9/18