Baylor University Data Classification Guide

Data Classification:
Government Classified
Risk from Disclosure: High
Description: Data owned and classified by the U.S. Federal government
Examples: Government classified data (Confidential, Secret, Top Secret)


Data Classification: Restricted
Risk from Disclosure: High
Description: Data for which an unauthorized disclosure is expected to have a severe or catastrophic effect on Baylor's operations, assets or individuals.
Examples: • Social Security Number
• Credit Card Number**
• Driver's License Number
• Credential for University Systems
• Electronic Protected Health Information
• Bank Account number


Data Classification: Protected
Risk from Disclosure: Moderate
Description: Data for which unauthorized release is expected to have a serious adverse effect on Baylor's operations, assets or individuals.
Examples: • Educational Records as defined by FERPA
• Passport Data
• University Intellectual Property
• Human Resources data
• Protected Data related to research (IRB)
• University Financial Information


Data Classification: Non-Public
Risk from Disclosure: Low
Description: Data for which unauthorized disclosure is expected to have limited effect on Baylor's operations, assets or individuals.
Examples: • University ID number
• BearID
• Any university data not otherwise categorized


Data Classification: Public
Risk from Disclosure: None
Description: All public data
Examples: General access data from the university website, press releases, and other public sources


**Credit card numbers may not be stored electronically. For more information see http://www.baylor.edu/pci/index.php?id=73329

Special considerations - The classification table only provides general guidance on the minimum level of risk of for a data category. External regulations, contracts and/or use cases may increase the level of risk and thus categorization.


Data Descriptions adapted from FIPS PUB 199 - http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Reviewed February 27, 2014