Article originally published October 14, 2013
Do you know the difference?
It's important to know what kind of information you are working with so you can protect it properly. Here's a simple guide to help.
Restricted Data - super sensitive information. Restricted data is "notice-triggering", meaning, we need to notify people if there has been unauthorized access or disclosure of this information. Leaks of this type of information can lead to identity theft, news coverage/publicity, and reputational damage and costs to the university.
Examples: Social Security Number (SSN), driver's license/state ID numbers, financial account numbers, credit card numbers, personal medical and medical insurance information, and passwords.
STOP: Restricted data requires the highest level of security, often driven by legal and regulatory requirements and penalties.
- Store and send securely. Restricted data should not be stored on mobile devices.
- Don’t post online.
- Don’t send or store in Google or other services unless encrypted.
- Only share with authorized people via a secure method of transport.
Confidential Data - Moderately sensitive information. Not notice-triggering. This information needs to be protected from unauthorized access.
Examples: home address and phone, birth date, gender, religious or sexual orientation, and other non-RD personal information; student records, grades, evaluations, letters of recommendation; sensitive research (this can also be classified as restricted, such as with certain government research).
PROCEED WITH CAUTION: Protect from unauthorized access. Don't post publicly online. May not be OK to send or store in Google or other services unless encrypted. Check with data owner for guidance.
Non-Confidential Data - Non-sensitive information.
Examples: Campus directory information (name, campus email address, department, etc.) course catalog info, public web pages.
GO: It's okay to share non-confidential information with others or post online. It's also okay to send and store this information in Google and other services.
For more information, visit the ITS Security Training pages:
Additional Cyber Security Information: http://its.ucsc.edu/security/