Data Classification Categories

All Purdue University data will be reviewed on a periodic basis and classified according to its use, sensitivity, and importance to the University and in compliance with federal and/or state laws.  Any data item or information that is not classified will be assumed to be of the Restricted classification until otherwise determined, unless the data is known to be addressed by applicable law or statue (e.g., certain records that might be considered publicly available under applicable Indiana law).

Public -- Information which may or must be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access.

Example: Course Catalog

Sensitive -- Information whose access must be guarded due to proprietary, ethical, or privacy considerations. This classification applies even though there may not be a civil statute requiring this protection.

Example: Fixed asset details, PUID, electronic or paper admissions applications

Special Reminder Regarding PUID

Restricted -- Information protected because of protective statutes, policies or regulations. This level also represents information that isn't by default protected by legal statue, but for which the Information Owner has exercised their right to restrict access.

Example: Protected Health Information (HIPAA/PHI); student data such as SSN, date of birth, grades/GPA/transcripts (FERPA); financial account information (GLBA); payment card information such as payment card number (PCI); government restricted research data (ITAR, EAR); Controlled Unclassified Information (CUI - as indicated by Executive Order 13556); or third party confidential or proprietary information.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.