Use these criteria to determine which data classification is appropriate for a particular information or infrastructure system. A positive response to the highest category in any row is sufficient to place that system into that classification.
NOTE: If a new system is being implemented that will store or handle Confidential Data, you MUST inform the Office of Information Technology.
| | Confidential Data | Private Data | Public Data |
| --- | --- | --- | --- |
| Legal Requirements | Protection of data is required by law (e.g., HIPAA, FERPA, GLBA) | LSUE has a contractual obligation to protect the data | Protection of data is at the discretion of the owner or custodian |
| Reputation Risk | High | Medium | Low |
| Other Institutional Risk | Information which provides access to resources, physical or virtual | Smaller subsets of protected data from a department | General University information |
| Access | Only those individuals designated with approved access, signed non-disclosure agreements, and a need-to-know | LSUE employees and non-employees who have a business need-to-know | LSUE affiliates and general public with a need-to-know |
| Examples | Student education records; Individuals’ health records and information; Prospective students; Personally identifiable financial information; Campus Security systems and details; Credit card numbers; Certain management information; Social Security Numbers; Government restricted and/or classified Information; LSUE ID numbers; Financial transactions of students and employees; Personnel Records (Although certain records contained within employee personnel files may be “public records” subject to disclosure, personnel files should be maintained as confidential data and disclosure of “public records” shall only be made after a case-by-case determination.); Information resources with access to confidential data | Information covered by non-disclosure agreements; Materials for performance of official duties; Proprietary information of LSUE or others contained within proposals, contracts, or license agreements | Campus maps; Personal directory information (e.g., contact information); Departmental websites; Academic course descriptions; News; Information posted on University website; Budgets; Purchase Orders |