
Classification levels: Prohibited Information; Restricted/Regulated Information; Institutional Confidential/Proprietary Information; Public/Unrestricted Information

Description
  • Prohibited Information: Information classified by law as breach notifiable and where Lehigh University is required to self-report to the government and/or provide notice to the individual if the information is inappropriately accessed.
  • Restricted/Regulated Information: Data at the Confidential level must be protected due to legal requirements, contractual requirements, or University policy. Data of this type includes, but is not limited to, student records (FERPA), financial records (GLBA), health care records (HIPAA), employment records, legal records, and certain business records.
  • Institutional Confidential/Proprietary Information: Data at the Institutional/Proprietary level must be protected due to privacy, ethical, or proprietary constraints. Data of this type includes, but is not limited to, departmental data, Lehigh internal memos, and internal reports that are not intended for public access or distribution.
  • Public/Unrestricted Information: Data at the Public/Unrestricted level is protected at the discretion of the department or the data owner. Data of this type includes, but is not limited to, all documents slated for public distribution, directory information as per FERPA, and any departmental data not deemed to be at a higher level of sensitivity (i.e., not meant for public consumption, but not necessarily important enough to warrant encryption).

Access
  • Prohibited Information: Access limited to those permitted under law, regulation and Lehigh University policies, and with a job-specific need and required training. External release of this type of information is only through executive management or through subpoena or warrant. Unauthorized release of this type of data could result in termination from University employment.
  • Restricted/Regulated Information: Access limited to those permitted under law, regulation and Lehigh University policies, and with a specific need to know. External release of this type of information is only through executive management or through subpoena or warrant. Unauthorized release of this type of data could result in termination from University employment.
  • Institutional Confidential/Proprietary Information: Only those individuals who have been approved for access by the data steward or custodian based on need to know. Public or external requests to release this type of information are handled only through management or through subpoena or warrant. Unauthorized release of this type of data could result in disciplinary action.
  • Public/Unrestricted Information: Access to all data not meant for public consumption is at the discretion of the department or data owner.

Electronic Storage and Transmission
  • Restricted/Regulated Information: Any storage of this type of information in a cloud environment must adhere to the Lehigh University Cloud Computing Policy (ACIS Policy #11). Any computers containing this type of data must be encrypted utilizing whole-disk encryption, as should any system with web access to this type of data, as cache files may be present. Any of this type of data stored on flash drives, cell phones, or any other external form of storage (including backups) must be in an encrypted form. Confidential data should not be sent by email unless it is sent as an encrypted attachment or your email is encrypted using public-key cryptography. While Lehigh-hosted email and Lehigh Google email are encrypted in transit using SSL connections, this does not ensure that the message is stored securely at its destination or that it is not being forwarded on to another email address through a non-SSL connection.
  • Institutional Confidential/Proprietary Information: Any storage of this type of information in a cloud environment must adhere to the Lehigh University Cloud Computing Policy (ACIS Policy #11). While full disk encryption is the preferred option, any files containing this type of data should be encrypted whether on any computer, or on flash drives, cell phones, or any other external form of storage (including backups). Institutional/proprietary data should not be sent by email unless it is sent as an encrypted attachment or your email is encrypted using public-key cryptography. While Lehigh-hosted email and Lehigh Google email are encrypted in transit using SSL connections, this does not ensure that the message is stored securely at its destination or that it is not being forwarded on to another email address through a non-SSL connection.
  • Public/Unrestricted Information: As with all data, it is recommended that all data of this type be stored on LAN drives where it will be backed up on a daily basis. Any backups of data stored on local hard drives are the responsibility of the user of that system.

Specific Classification Level of Lehigh University Data Attributes 
  • Social Security Numbers*
  • Credit Card Numbers*
  • Driver's License Numbers*
  • Financial Account Numbers, such as bank account or investment account numbers*
  • Passport and visa numbers
  • Grades
  • Human Subjects Information
  • Health Care Information, including Protected Health Information (PHI)
  • Employment applications
  • Employee information, including personnel files, benefits information, salary, conflict of interest filings, birth date, and personal contact information
  • Passwords and biometric identifiers
  • Privileged attorney-client communications
  • Internal policy records
  • Export controlled information under U.S. laws
  • Building diagrams and blueprints 
  • Departmental data
  • Lehigh internal memos
  • Internal reports that are not intended for public access or distribution
  • Email distribution list
  • Source code

  • Directory information
  • Lehigh published articles and newsletters

*Requires Breach Notification
