According to university policy, data will typically be classified as sensitive if any of the following are true:
- Unauthorized disclosure may have serious adverse effects on the university’s reputation, resources, or services or on individuals.
- It is protected under federal or state regulations.
- There are proprietary, ethical, or privacy considerations.
Sensitive data will be made available only to authorized users whose assigned duties require the information. Authorized users must protect the information according to regulations in order to protect the integrity and confidentiality of the information.
P2 IS3 Def.
Institutional Information which may not be specifically protected by statute, regulations, or other contractual obligations or mandates but is generally not intended to be public. Also, information for which unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could result in minor damage or small financial loss, or minor impact on the privacy of an individual or group. (Internal.)
Due to the nature of the definition of sensitive data, it is impossible to have an exhaustive list of sensitive data examples. While the most common types of sensitive data are already included in this guide, there are many other examples of sensitive data, including:
- Public safety and security information
- Certain types of information about hazardous substances
- Certain types of blueprints and building plans
- Proprietary information such as computer source code developed at the university
- Certain types of information related to university investments and investment planning
- Certain types of information related to university insurance claims
- Information about misconduct proceedings
- Animal research