| Data Class | Definition | Examples |
| Private (HIPAA,FERPA for example) | Data that is protected under specific laws, regulations, contracts, relevant legal agreements and/or require the university to provide notification of unauthorized disclosure/security incidents to affected individuals, government agencies or media | Student academic record (FERPA)
Health records of students and employees (HIPAA) Disciplinary and performance improvement plans. Social security numbers Financial account numbers, including payment card, student account numbers, bank account numbers, etc. Driver’s license or other ID numbers Information subject to an NDA with third party contracts ADA, Immigration, insurance, accommodations, Federal Tax Information (FTI) received from the IRS or any secondary source, and restricted use of FTI data under Section 483 of the Higher Education Act, etc. |
| Confidential (allowed for supervisor, not for peers e.g.) | Data that has the potential to cause adverse effects for the individual, but is necessary for certain internal relationships, such as supervision and advising. | Student academic record (advisees)
Donor contact data Confidentiality agreements Position descriptions Grievances and disciplinary action reports |
| Sensitive [Internal only] (k-anonymity) | Data that has value in efforts to improve the organization, but whose public release would have an adverse impact on a member of the community | Aggregated data on student enrollment, success and learning assessment
Internal memos and emails non-public reports Faculty handbook |
| Public | Data that indicates the institution as a whole | Directory information, including position titles and tenure status
Public policies In aggregate, data reported to third parties (US Dept of Ed, US News and World report, etc.) |