Restricted Data vs. Confidential Data

October 14, 2013

stoplight image

Do you know the difference?

It's important to know what kind of information you are working with so you can protect it properly. Here's a simple guide to help.

Restricted Data - super sensitive information. Restricted data is "notice-triggering", meaning, we need to notify people if there has been unauthorized access or disclosure of this information. Leaks of this type of information can lead to identity theft, news coverage/publicity, and reputational damage and costs to the university.

Examples: Social Security Number (SSN), driver's license/state ID numbers, financial account numbers, credit card numbers, personal medical and medical insurance information, and passwords.

red light

STOP: Restricted data requires the highest level of security, often driven by legal and regulatory requirements and penalties.

  • Store and send securely. Restricted data should not be stored on mobile devices.
  • Don’t post online.
  • Don’t send or store in Google or other services unless encrypted.
  • Only share with authorized people via a secure method of transport. 

----------------------------

Confidential Data - Moderately sensitive information. Not notice-triggering. This information needs to be protected from unauthorized access.

Examples: home address and phone, birth date, gender, religious or sexual orientation, and other non-RD personal information; student records, grades, evaluations, letters of recommendation; sensitive research (this can also be classified as restricted, such as with certain government research).

yellow lightPROCEED WITH CAUTION: Protect from unauthorized access. Don't post publicly online. May not be OK to send or store in Google or other services unless encrypted. Check with data owner for guidance.

-----------------------------

Non-Confidential Data - Non-sensitive information.

Examples: Campus directory information (name, campus email address, department, etc.) course catalog info, public web pages.

green light

GO: It's okay to share non-confidential information with others or post online. It's also okay to send and store this information in Google and other services.

-----------------------------

For more information, visit the ITS Security Training pages:

Additional Cyber Security Information: http://its.ucsc.edu/security/

For questions or assistance, contact the ITS Support Center: itrequest.ucsc.edu, help@ucsc.edu, 459-HELP, 54 Kerr Hall.