Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
Answers
Data Classification Definitions
In today's digital age, protecting sensitive information is crucial for maintaining the integrity and trust of our university community. At Syracuse University, we categorize our data into three primary classifications: Confidential, Enterprise, and Public. Understanding these classifications is essential for handling and protecting information appropriately.
The lists below should not be considered to be all-inclusive. Please consult with the Information Security Department if there is any doubt or question as to how to classify data.
Confidential Data
The University defines as Confidential any information that meets at least one of the following criteria:
The protection of the data is required by law/regulation.
Syracuse University is required to self-report to the government or other external organizations and/or provide notice to the affected individuals if the data is inappropriately accessed.
The loss of confidentiality, integrity, or availability of the data or system could significantly adversely impact our mission, safety, finances, or reputation.
The examples below are considered Confidential when used to identify a person or persons.
Social Security numbers
Date of Birth
Driver's license numbers
Passport and visa numbers
Biometric Identifiers
Financial information and records (credit card numbers, account numbers, etc.), including non-SU income level and sources
Student financials, FAFSA information, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, bills
Unencrypted user account passwords
Health Information, including Protected Health Information (PHI) and research health data
Health Insurance policy ID numbers
Student or employee accommodations or self-identified disability information
The examples below may be considered Confidential Data even when not combined with other personal or identifying information that is linked to a specific individual.
Encryption Keys when used to protect other Confidential Information
Export controlled information- Information or technology controlled under International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR), required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of a controlled item or product, including blueprints, drawings, photographs, plans, instructions, or documentation.
Sensitive research data
Enterprise Data
Enterprise Data includes information necessary for the University's day-to-day operations that is not publicly accessible. This type of data is integral to the functioning of our institution but does not require the same level of stringent protection as Confidential Data.
Examples of Enterprise data are:
SU Business Data like SU Financial Data, Contracts, 3rd Party information
SU Records
Internal Email
Research data
Internal Digital/Physical System information
Public Information
Public Data is typically defined as any data that does not fall under confidential or enterprise data definitions. Care should be taken when determining what is public to not inadvertently include data that is not public. Please consult with ITS if there is any doubt or question.
, multiple selections available,