NEIT Data Classification Standard

Data TypeDescription & ExamplesData Classification
Contractual Non-Disclosure  Information, materials, data and records designated confidential by contract, including information obtained by the University from third parties under non-disclosure agreements or any other contract that designates third party information as confidential. Internal
Departmental AdministrationBudgetary, departmental, or University planning information. Non-public financial, procurement, health/safety, audit, insurance and claims information.Internal
Law Enforcement InformationNon-public law enforcement records generated or maintained by Public Safety.Privat
Payment Card Industry (PCI) InformationInformation related to credit, debit, or other payment cards. This data type is governed by the Payment Card Industry (PCI) Data Security Standards and overseen by the Bursar’s Office. Credit or debit card information  cannot be stored in any electronic format.  

  • Cardholder name  
  • Credit/debit card account number  
  • Credit/debit card expiration date  
  • Credit/debit card verification number  
  • Credit/debit card security code  
Private Personal Information  This is a category of sensitive information that is associated with an individual person, such as an employee, student, or donor.  

For everyone:  

  •  Social Security number  
  • National ID number  
  • Passport number  
  • Visa permit number  
  • Driver’s license number  
  • Disability information  
  • Ethnicity  
  • Gender  
  • Biometric information  
  • Date of Birth 

For employees:  

  •  Biographic/demographic data (Date and location of birth, Country of citizenship, Citizenship status, Marital status, Military status)  
  • Criminal record & criminal background check information  
  • Home address  
  • Grievance information  
  • Discipline information  
  • Leave-of-absence reason  
  • Payroll and benefits information  
  • Health information  
  • Conflict of Interest information 

For donors:  

  •  Biographic/demographic data  
  • Contact information  
  • Prospect data  
  • Gift and gift-planning data  
Proprietary Intellectual Property  Proprietary intellectual property in which the University asserts ownership that is created by University employees in connection with their work.  Internal 
Protected Health Information  Protected Health Information (PHI) is defined by the Health Insurance Portability and Accountability Act (HIPAA). PHI is individually identifiable health information that relates to the  

Past, present, or future physical or mental health or condition of an individual.  

Provision of health care to the individual by a covered entity (for example, hospital or doctor).  

Past, present, or future payment for the provision of health care to the individual.  

The following individually identifiable data elements, when combined with health information about that person, make such information protected health information (PHI):  

  • Names  
  • Telephone numbers  
  • Fax numbers  
  • Email addresses  
  • Social Security numbers  
  • Medical record numbers  
  • Health plan beneficiary numbers  
  • License plate numbers  
  • URLs  
  • Full-face photographic images  
  • Any other unique identifying number, characteristic, code, or combination that allows identification of an individual  














Student Education Records (FERPA)  Records that contain information directly related to a student and that are maintained by the University or by a person acting for the University. The Family Educational Rights and Privacy Act (FERPA) governs release of, and access to, student education records. “Directory information” about a student is not regulated by FERPA and can be released by the University without the student’s permission. Students can request non-disclosure from the Registrar’s Office.  Private 
Student Loan Application Information (GLBA)  Personal financial information held by financial institutions and higher education organizations as related to student loan and financial aid applications. Gramm Leach Bliley Act (GLBA) provisions govern this data type.  Private 
Financial Information  Bank account numbers (excluding wire transfer/payment account information on invoices RECEVIED by NEIT)  

  • Loan account numbers  
  • Tax returns and forms  
Technical Authenticators 
  • Built-in generic account passwords 
  • VPN pre-shared keys 
  • PKI private keys 
  • Network management keys 
  • Other keys used for authentication or encryption 
  • Configuration files 
Network and systems Information, Architecture, and Related information 
  • IP Addresses 
  • VLAN information 
  • Hardware and software inventories