
Sensitive University Data

Sensitive University Information

(Please note, until the UO adopts an official policy on what is Sensitive University Data, the below list is one that CASIT is using as a working model.)

Sensitive University Data is data that is considered Registered Confidential or Confidential. It is data that is regulated by Federal or State laws including but not limited to:

  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Electronic Communications Privacy Act (ECPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Children’s Online Privacy Protection Act (COPPA)
  • Freedom of Information Act (FOIA)
  • Connecticut Personal Data Act
  • Federal Trade Commission (FTC) Act
  • Red Flag Rule (Identity Theft Regulation)
  • Other relevant University policies or procedures.

The following data elements require the highest level of protection. This list may expand based on future regulatory requirements. This list is not to be construed as a comprehensive list. Other data may also require similar protections. Contact CASIT to discuss the security measures that must be implemented for all other data that is not considered public.

SSN and Other Personally Identifiable Information

  • Name (First name or initial and Last name), when stored or displayed with one or more of the other listed data elements
  • Social Security Number
  • Driver’s license number
  • State identification card number
  • Financial account numbers such as credit, debit, or bank account numbers
  • Passport number
  • Alien registration number
  • Health insurance identification number

Credit Card Information

  • Primary Account Number (when stored with any other information below)
  • Cardholder Name
  • Service Code
  • Expiration Date

(Individual) Student University Records

  • Grades/Transcripts/Test scores
  • Courses taken/Schedule
  • Advising records
  • Educational services received
  • Disciplinary actions
  • Student Financial Aid, Grants, and Loans
  • Financial account and payment information including billing statements, bank account and credit card information
  • Admissions and recruiting information including test scores, high school grade point average, high school class rank, etc.
  • Student Personnel records

Personal Health Information

  • Information that identifies the individual, or could reasonably be used to identify the individual, including, but not limited to, name, addresses, telephone/fax number, medical record number, birthday, admission/discharge date, vehicle ID and serial number, device IDs and serial number, certificate/license numbers, biometric identifiers, full-face images, other unique identifying number/characteristic/code.
  • Information about the patient’s past, present or future physical or mental health or condition
  • Information relating to the provision of, or payment for, health care

Financial Data

  • Employee financial account information
  • Student financial account information – aid/grants/bills (covered under FERPA)
  • Individual financial information
  • Business partner and vendor financial account information

 
