Confidential data is all information required to be protected by various compliance and legal rules such as HIPAA, FERPA, PCI-DSS and the Privacy Act.
Examples of Confidential data in a University environment are:
- Medical Records
- Health Records
- Student Records like Class Grades, Schedules, Locations etc.
- Personally Identifiable Information (PII) like Social Security Number, Individual Financial Information etc.
- Credentials
- Security audits
- Credit Card Data
Enterprise data is information required for conducting day-to-day University business which is not publicly published.
In today's digital age, protecting sensitive information is crucial for maintaining the integrity and trust of our university community. At Syracuse University, we categorize our data into three primary classifications: Confidential, Enterprise, and Public. Understanding these classifications is essential for handling and protecting information appropriately.
The lists below should not be considered to be all-inclusive. Please consult with the Information Security Department if there is any doubt or question as to how to classify data.
Confidential Data
The University defines as Confidential any information that meets at least one of the following criteria:
- The protection of the data is required by law/regulation.
- Syracuse University is required to self-report to the government or other external organizations and/or provide notice to the affected individuals if the data is inappropriately accessed.
- The loss of confidentiality, integrity, or availability of the data or system could significantly adversely impact our mission, safety, finances, or reputation.
The examples below are considered Confidential when used to identify a person or persons.
- Social Security numbers
- Date of Birth
- Driver's license numbers
- Passport and visa numbers
- Biometric Identifiers
- Financial information and records (credit card numbers, account numbers, etc.), including non-SU income level and sources
- Student financials, FAFSA information, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, bills
- Unencrypted user account passwords
- Health Information, including Protected Health Information (PHI) and research health data
- Health Insurance policy ID numbers
- Student or employee accommodations or self-identified disability information
The examples below may be considered Confidential Data even when not combined with other personal or identifying information that is linked to a specific individual.
- Encryption Keys when used to protect other Confidential Information
- Export controlled information: information or technology controlled under International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR), required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of a controlled item or product, including blueprints, drawings, photographs, plans, instructions, or documentation.
- Sensitive research data
Enterprise Data
Enterprise Data includes information necessary for the University's day-to-day operations that is not publicly accessible. This type of data is integral to the functioning of our institution but does not require the same level of stringent protection as Confidential Data.
- SU Business Data like SU Financial Data, Contracts, 3rd Party information
- SU Records
- Internal Email
- Research data
- Internal Digital/Physical System information
Public Information
Public Data is typically defined as any data that does not fall under the Confidential or Enterprise data definitions. Take care when determining what is public so that data that is not public is not inadvertently included. Please consult with ITS if there is any doubt or question.