Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Overview: Each data set published to Power BI will be labeled with a Protection Level based on the following Guidelines. Data Set Documentation can be found here: Google Drive

For detailed information visit the UC Protection Level Classification Guide  

Summary of Classification Levels

P1: Public - information for public distribution. 

Risk from exposure: None

Access: Not restricted

Examples of P1 data:


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Public-facing websites

Intended for public use

Public event calendars

Intended for public use

Press releases

Intended for public use

Hours of operation

Intended for public use

Parking regulations

Intended for public use

Course catalogs

Intended for public use

Published research

Intended for public use


P2: Internal - Unauthorized release of this data may have a limited effect on UCSB’s operations, assets or individuals.

Risk from exposure: Low

Access: Restricted to UCSB faculty, staff and students. User ID and password required.

Examples of P2 data:

Note: Student directory data is classified at P2, if the student has not requested a FERPA block. For details look at the table below.


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Routine business records and e-mail

Operational integrity

Calendar information

Operational integrity

Meeting notes

Operational integrity

Research using publicly available data

Operational integrity

UC directory (faculty, staff and students who have not requested a FERPA block)

Operational integrity

De-identified patient information (negligible re-identification risk)

Academic integrity

Unpublished research work and intellectual property not in Level 3 or 4

Academic integrity

Patent applications and work papers, drafts of research papers

Academic integrity

Operational integrity

Building plans and information about the university physical plant

Operational integrity

Protective information

P3: Sensitive - Unauthorized release of this data may have a negative effect on UCSB’s operations, assets or individuals.

Risk from exposure: Medium

Access: Restricted to people with a business need to know. MFA required.

Examples of P3 data:

Note: Student and employee data is classified at P3 level. For details look at the table below.

           

INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Attorney-Client Privileged Information

Legal protection

Student education records

FERPA

Student special services records

FERPA, Privacy

Security camera recordings

Protective information

Building entry records from automated key card system

Protective information

IT security information and system security plans

Protective information

Exams (questions and answers)

Academic integrity

Animal research protocols

Academic integrity

Export Controlled Research (ITAR, EAR)

Regulation

UC personnel records

Privacy

Research information classified as Level 3 by an Internal Research Board (IRB) (if done by the IRB)

Academic integrity

Federal Data (Pre CUI)

FISMA

P4: Restricted - Unauthorized release of this data may have a serious effect on UCSB individuals.

Risk from exposure: Moderate

Access: Restricted to people entitled to know. MFA required.

Examples:

Note: Student eligibility/awarding of certain financial aid (PELL grants, CAL grants, etc.) is classified at P4 level. Student health data (HIPAA) is also classified at P4. For additional details look at the table below.


INSTITUTIONAL INFORMATION TYPE

JUSTIFICATION

Controlled Unclassified Information (CUI)

Government contract

Credit card cardholder information

PCI

Financial, accounting, payroll information

Integrity

Financial aid information, student loans

GLBA

Personally Identifiable Information (PII)

PII, regulatory

Protected Health Information (PHI) / patient records

HIPAA

Social Security Numbers

PII, GLBA, Civil Code

Sensitive Identifiable Human Subject Research

Privacy

Research information classified as Level 4 by an IRB or otherwise required to be stored or processed in a high security environment

Academic integrity

Individually identifiable genetic information (human subject identifiable)

Privacy

Human subject research data with individual identifiers, particularly those identified in CA law

Privacy, regulatory

Passwords, PINs and passphrases that can be used to access P2 to P4 information or manage IT Resources.

Operational integrity

Information with contractual requirements for P4-level protection

Contract


Prohibited– Unauthorized release of this data may have a severe or catastrophic effect on UCSB’s operations, assets or individuals.  

**This data is not allowed to be used in the Power BI Service.  

Risk from exposure: High

Access: Tightly controlled. MFA required.

Examples:

            Social Security Numbers

            Credit Card numbers

            Drivers License numbers

            Bank Account numbers

            Biometric data

            Credentials for university systems (accounts/passwords)


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.