Protecting Restricted Data

Restricted data is any confidential or personal information that is protected by law or policy and that requires the highest level of access control and security protection, whether in storage or in transit.

At UCSC, restricted data includes, but is not necessarily limited to

  • Personal Identity Information (PII)
  • Electronic protected health information (ePHI) protected by Federal HIPAA legislation
  • Credit card data regulated by the Payment Card Industry (PCI)
  • Information relating to an ongoing criminal investigation
  • Court-ordered settlement agreements requiring non-disclosure
  • Information specifically identified by contract as restricted
  • Other information for which the degree of adverse affect that may result from unauthorized access or disclosure is high.
Additional definitions are available in ITS' online policy glossary.
Reviewed April 2013