Data Classification

Use these criteria to determine which data classification is appropriate for a particular information or infrastructure system. A positive response to the highest category in any row is sufficient to place that system into that classification. 

NOTE: If a new system is being implemented that will store or handle Confidential Data, you MUST inform the Office of Information Technology.

 

 Confidential Data
 (highest, most sensitive)

 

 Private Data
 (moderate level of sensitivity)

 

 Public Data
 (low level of sensitivity)

Legal Requirements Protection of data is required by law (i.e. HIPAA, FERPA, GLBA, etc.) LSUE has a contractual  obligation to protect the data Protection of data is at the discretion of the owner or custodian
Reputation Risk High Medium Low
Other Institutional Risk Information which provides access to resources, physical or virtual Smaller subsets of protected data from a department General University information
Access Only those individuals designated with approved access, signed non-disclosure agreements, and a need-to-know LSUE employees and non-employees who have a business need-to-know LSUE affiliates and general public with a need-to-know
Examples

Student education records

Individuals’ health records and information

Prospective students

Personally identifiable financial information

Campus Security systems and details

Credit card numbers

Certain management information

Social Security Numbers

Government restricted and/or classified Information

LSUE ID numbers

Financial transactions of students and employees

Personnel Records (Although certain records contained within employee personnel files may be “public records” subject to disclosure, personnel files should be maintained as confidential data and disclosure of “public records” shall only be made after a case-by-case determination.)

Information resources with access to confidential data

 

Information covered by non-disclosure agreements

Materials for performance of official duties

Proprietary information of LSUE or others contained within proposals, contracts, or license agreements

 

 

 

 

 

 

 

 

 

 

Campus maps

Personal directory information (e.g., contact information)

Departmental websites

Academic course descriptions

News

Information posted on University website

Budgets

Purchase Orders

 

 

 

 

 

 

Although certain records contained within employee personnel files may be “public records” subject to disclosure, personnel files should be maintained as confidential data and disclosure of “public records” shall only be made after a case-by-case determination.