Baylor University Data Classification Guide

Data Classification Risk from
Disclosure
Description Examples
Government Classified High Data owned and classified by the U.S. Federal government • Government classified data (Confidential, Secret, Top Secret)
Restricted High Data for which an unauthorized disclosure is expected to have a severe or catastrophic effect on Baylor's operations, assets or individuals. • Social Security Number
• Credit Card Number**
• Driver's License Number
• Credential for University Systems
• Electronic Protected Health Information
• Bank Account number
Protected Moderate Data for which unauthorized release is expected to have a serious adverse effect on Baylor's operations, assets or individuals. • Educational Records as defined by FERPA
• Passport Data
• University Intellectual Property
• Human Resources data
• Protected Data related to research (IRB)
• University Financial Information
Non-Public Low Data for which unauthorized disclosure is expected to have limited effect on Baylor's operations, assets or individuals. • University ID number
• BearID
• Any university data not otherwise categorized

Public None All public data • General access data from the university website, press releases, and other public sources

**Credit card numbers may not be stored electronically. For more information see http://www.baylor.edu/pci/index.php?id=73329

Special considerations - The classification table only provides general guidance on the minimum level of risk of for a data category. External regulations, contracts and/or use cases may increase the level of risk and thus categorization.


Data Descriptions adapted from FIPS PUB 199 - http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf

Reviewed February 27, 2014