Legally Restricted and Confidential data or information

Legally Restricted
What it is: information for which use and access is restricted by law. A breach of this type of information may result in criminal or civil fines and liabilities for the University. The law may require notification of any breach of this type of data.

Examples may include:

  • Protected Health Information (PHI)
  • Social Security Number (SSN)
  • Employee Personally Identifiable Information (PII)
  • State-issued driver’s license or non-driver ID
  • Passport numbers
  • Criminal, civil and regulatory investigations
  • Payment Card Information (i.e. credit or debit card numbers)
  • Bank account numbers
  • Regulated Data (i.e. FISMA contracts)

Some common documents that may contain legally restricted information:
  • Human subjects records
  • Grant documents with regulated data
  • Employee tax forms
  • I-9 forms
  • Records of payroll deductions
  • Financial aid records (SSN)
  • Medical records

Confidential
What it is: sensitive or proprietary information that is kept on a strictly need-to-know basis.

Examples may include:

  • Personnel records
  • De-identified PHI data marked confidential by researchers
  • Educational records (FERPA) except Directory Information as defined by the FERPA Policy
  • Records and communication of the Board of Trustees
  • University Audit reports and work papers
  • Internal investigations into violations of law and University policies
  • Information the University has agreed to hold confidential under a contract
  • Patent applications, or other unpublished intellectual property, if designated as confidential by the Principal Investigator (PI)

Some common documents that may contain confidential information:
  • Invention disclosures
  • Grant documents without regulated data
  • Licensing agreements
  • Employment contracts
  • Appointment letters
  • Individual salary and benefits
  • Salary records & performance appraisals
  • Financial aid records (excluding SSN)
  • Student loan records
  • Student applications, transcripts, grades
  • Construction drawings for nonpublic or confidential areas

Internal data or information

What it is: Information which is necessary for people to perform their work at the University and is properly available to others at the University, but is not appropriate to be known by the general public. Access to this type of data requires authentication (i.e. a username and password).

Examples may include:

  • De-identified PHI
  • Research not containing legally restricted or confidential data
  • Administrative data not containing legally restricted or confidential data

Some common documents that may contain internal information:
  • Financial statements (unaudited)
  • Purchase orders
  • Budgets (excluding individual salaries/benefits)
  • Travel reimbursements
  • Organizational charts with names
  • Search committee records
  • Tenure/promotion cases
  • Affirmative action plans
  • Environmental monitoring records
  • Real estate materials
  • Construction drawings for public/non-confidential spaces
  • Tenure and promotion cases
  • Alumni data
  • Gift records

Public data or information

What it is: Information that is available to all members of the University and may be made available to the general public. The University reserves the right to control the content and format of Public data. This type of information is frequently accessible from the Internet without requiring authentication.

Examples may include:

  • Publications
  • Vital Signs, Currents, Rochester Review, Campus Times.
  • Audited financial statements
  • Annual reports
  • Student Directory Information
  • Employee Directory Information

Some common documents that may contain public information:
  • Faculty/staff/student directory
  • Press releases
  • Charter and By-Laws
  • Organizational charts without names
  • Job descriptions
  • Athletic schedules
  • Course schedules
  • Commencement programs
  • Public websites and social media