What is Sensitive Data?

Students, faculty, and staff interact with data on a daily basis. It is important to understand that all data cannot be treated equally in terms of how we store, share, and dispose of it.

  • Confidential Data is the most sensitive classification. Examples of confidential data include:
    • Social Security Numbers
    • Credit Card Numbers
    • Health Records
    • Financial Records
    • Student Records
  • Private Data is not considered confidential, but reasonable effort should be made so that it does not become readily available to the public. Examples of private data include:
    • Research Data
    • Personal Contact Data
    • Proprietary information
  • Public Data is suitable for public consumption and protection of the data is at the discretion of the owner. Examples of public data include:
    • Public budget data
    • Employee contact data
    • Departmental Websites

Here are some things to consider when dealing with sensitive data:

  • Do not transmit confidential data via wireless technology, email, or the Internet unless the connection is secure, or the information is encrypted. (
  • Password protect all confidential data, and accounts with access to confidential data.
  • Do not share passwords, and do not write passwords down.
  • Do not store unencrypted confidential information on laptop computer/desktop computer’s hard drive, USB drive, CD, flash memory card, floppy drive, or other storage media.
  • Eliminate the use of forms that ask for confidential information whenever possible.
  • Do not store confidential information obtained from your institution systems on media or other systems unless required by the Institution or by law.
  • Always lock computers, offices, desks, and files that contain confidential information when unattended.
  • Do not publicly display confidential data, or leave confidential data unattended.
  • Do not share confidential documents or information with anyone unless required by government regulations, specific job responsibilities, or business requirements. Be prepared to say “no” when asked to provide that type of information.
  • Do not communicate confidential information to others unless you know they are approved to handle confidential information.
  • Notify Department of  Technical Services (DoTS) if you suspect confidential information may have been compromised.




Comments are closed.