Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview: Each data set published to Power BI will be labeled with a Protection Level based on the following Guidelines. Data Set Documentation can be found here: Google Drive

Relevant Documents:

UC Protection Level Guide: UC Protection Level Classification Guide  

Summary of Classification Levels

P1: Public - information for public distribution. 

Risk from exposure: None

Access: Not restricted

Examples :

            All public data

            Student directory dataof P1 data:


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Public-facing websites

Intended for public use

Public event calendars

Intended for public use

Press releases

Intended for public use

Hours of operation

Intended for public use

Parking regulations

Intended for public use

Course catalogs

Intended for public use

Published research

Intended for public use


P2: Internal - Unauthorized release of this data may have a limited effect on UCSB’s operations, assets or individuals.

Risk from exposure: Low

Access: Restricted to UCSB faculty, staff and students. User ID and password required.

Examples of P2 data:

Note:

            University financial information

            Any university data not otherwise categorizedStudent directory data is classified at P2, if the student has not requested a FERPA block. For details look at the table below.


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Routine business records and e-mail

Operational integrity

Calendar information

Operational integrity

Meeting notes

Operational integrity

Research using publicly available data

Operational integrity

UC directory (faculty, staff and students who have not requested a FERPA block)

Operational integrity

De-identified patient information (negligible re-identification risk)

Academic integrity

Unpublished research work and intellectual property not in Level 3 or 4

Academic integrity

Patent applications and work papers, drafts of research papers

Academic integrity

Operational integrity

Building plans and information about the university physical plant

Operational integrity

Protective information

P3: Sensitive - Unauthorized release of this data may have a negative effect on UCSB’s operations, assets or individuals.

Risk from exposure: Medium

Access: Restricted to people with a business need to know. MFA required.

Examples of P3 data:

            Human Resource data

            Student Educational data (FERPA)

            Student Financial Aid data

            Protected Research data

            University Intellectual Property

            University Contracts

            Donor/Alumni data

P3/Note: Student and employee data is classified at P3 level. For details look at the table below.

           

INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Attorney-Client Privileged Information

Legal protection

Student education records

FERPA

Student special services records

FERPA, Privacy

Security camera recordings

Protective information

Building entry records from automated key card system

Protective information

IT security information and system security plans

Protective information

Exams (questions and answers)

Academic integrity

Animal research protocols

Academic integrity

Export Controlled Research (ITAR, EAR)

Regulation

UC personnel records

Privacy

Research information classified as Level 3 by an Internal Research Board (IRB) (if done by the IRB)

Academic integrity

Federal Data (Pre CUI)

FISMA

P4: Restricted - Unauthorized release of this data may have a serious effect on UCSB individuals.

Risk from exposure: Moderate High

Access: Restricted to people entitled to know. MFA required.

Examples:

Student Ethnicity

            Student sexual orientation data

Student Note: Student eligibility/awarding of certain financial aid (PELL grants, CAL grants, etc.)

Student Health data

P4: is classified at P4 level. Student health data (HIPAA) is also classified at P4. For additional details look at the table below. At this time we are choosing to not publish some of the more restricted data from the table below, such as credit card information, social security numbers, and medical information for students. Please see the Prohibited category below. 


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Controlled Unclassified Information (CUI)

Government contract

Credit card cardholder information

PCI

Financial, accounting, payroll information

Integrity

Financial aid information, student loans

GLBA

Personally Identifiable Information (PII)

PII, regulatory

Protected Health Information (PHI) / patient records

HIPAA

Social Security Numbers

PII, GLBA, Civil Code

Sensitive Identifiable Human Subject Research

Privacy

Research information classified as Level 4 by an IRB or otherwise required to be stored or processed in a high security environment

Academic integrity

Individually identifiable genetic information (human subject identifiable)

Privacy

Human subject research data with individual identifiers, particularly those identified in CA law

Privacy, regulatory

Passwords, PINs and passphrases that can be used to access P2 to P4 information or manage IT Resources.

Operational integrity

Information with contractual requirements for P4-level protection

Contract


Prohibited– Unauthorized release of this data may have a severe or catastrophic effect on UCSB’s operations, assets or individuals.  

**This data is not allowed to be used in the Power BI Service.  

Risk from exposure: High

Access: Tightly controlled. MFA required.

Examples:

            Social Security Numbers

...