Skip to Main Content Skip to Footer
Home
Toggle Navigation Menu menu

Data Classification by Risk

Confidential (Highest Level of Risk)

Confidential is the most restrictive classification. Data is classified as high risk if:

  • Protection of the data is required by law/regulation
  • Linfield is required to self-report to the government and/or provide notice to the individual if the data is inappropriately accessed
  • The loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on our mission, safety, finances, or reputation.

Examples: Social Security number; last 4 digits of the social security number; financial account numbers; health records; criminal records, citizenship; driver license number; passport number; state ID ; Alien ID; Health insurance; mother's maiden name; biometric records; date of birth; confidential legal name; protected research information; name in combination with student id; FERPA directory information if the student has requested that it be witheld.

Least risky places to store confidential data: No system or location is without risk, but these kinds of data are best stored in their source system (Colleague for student information or Paycom for human resources information, for example), in a Winfiles or Pyramid folder, or in Etrieve. This kind of information should not generally be included in email.

 

Restricted (Moderate Risk)

Restricted data is for internal use only. Data is classified as Restricted if it is not Confidential and if:

  • The data is not generally available to the public
  • The loss of confidentiality, integrity, or availability of the data or system could have a mildly adverse impact on our mission, safety, finances, or reputation.

Examples: Language; class standing; enrollment status; sex; gender; income of students or parents; Colleague ID; grades; GPA; academic standing; student account financial information; gifts and donations; address; phone number; student conduct; email address; compensation; benefits; performance information; workers' compensation/disability

Least risky places to store restricted data: These kinds of data have fewer restrictions than confidential data and may be stored in more areas (see the data storage summary table). However, it is best to avoid systems that Linfield may not be able to control or track like external storage devices (thumb drives) or 3rd party cloud storage like Google Docs or Dropbox. Excercise caution before including this kind of information in emails.

Unrestricted (Lowest Level of Risk)

Unrestricted data may be disclosed to the public. This is data intended for general use, and can be found on websites, news releases, and in various publications. Data is classified as Unrestricted if it is not considered to be Moderate or High Risk, and if:

  • The data is intended for public disclosure
  • The loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on our mission, safety, finances, or reputation.

Examples: Data from the Fact Book; aggregated numbers; FERPA directory information (unless the student has requested that it be witheld)

Least risky places to store unrestricted data: There are no limitations on this kind of data.