Skip to Navigation | Skip to Content

Data Classification

search the site

did you know?

  • TSS can discuss security precautions and explain how to implement security policies within your department.
    Find out more >>
  • Handling restricted data? We can assist your dept. with securing restricted data and offer strong security recommendations for free.
    Request assistance >>

General Information

The Data Classification table is meant to describe the confidentiality of the data in question, and does not factor in the integrity or availability requirements in its rating. Note that if a piece of data fits into more than one category it is considered to be the highest of those classes.

This Data Classification Table was created by ITS Technology Security Services and adopted by the Data Protection Risk Analysis Project Team. For questions regarding its contents, please contact security@nyu.edu.

To download the Data Classification Table as a PDF, click here.


Data Classification Table



Data Classification Institutional Risk from Disclosure Description Examples
Restricted
High
Data whose unauthorized access or loss could seriously or adversely affect NYU, a partner, or the public.
  • Social Security Number
  • Driver's License Number
  • Bank/Financial Account Number
  • Credit/Debit Card Number
  • Electronic Protected Health Information
  • Central Authentication Credentials*
  • University Financial Data on Central Systems*
Protected
Medium
Data with a less high level of importance, but that should be protected from general access.
  • University Intellectual Property*
  • University Proprietary Data*
  • Passport Number
  • Final Course Grades
  • FERPA*
  • External Steward Data*
  • Human Resources Data*
  • Protected Data Related to Research*
Confidential
Low
All other non-public data not included in the Restricted or Protected classes
  • Netid
  • University Identification Number
  • Licensed Software
  • Other University Owned Non-Public Data*
Public
None
All public data
  • General access data, such as that on unauthenticated portions of www.nyu.edu


Further Clarification


Examples to illustrate Items marked with an * above.


  • Central authentication credentials - NYU netid and password combinations.  Does not include local password stores on desktops, laptops, handheld devices, departmental servers, etc.
  • University Financial Data on Central Systems - Financial data at the system of record, where modification of that data would impact University processes. Does not include representation of that data elsewhere, such as in a report.
  • Protected Data Related to Research - Research data which is strictly guided by federal regulation. Depending on the subject matter, there may be more stringent requirements for your grant, from the OSP or the IRB. This does not include most grant-based research including projects based on NSF-grants.
  • Public Safety Information - Includes data containing and/or related to confidential investigation records.
  • University Intellectual Property - Includes data which the University may patent or gain from financially.  Does not include copyrighted materials which are publicly available, e.g. torch logo, etc..
  • University Proprietary Data - Includes data which the University may stand to suffer financial and/or reputational loss as a result of a breach but that is neither Restricted nor Confidential data, e.g. general donor information, etc.
  • FERPA - (Family Educational Rights and Privacy Act) This includes non-directory FERPA information not already listed in Restricted or Confidential. Note this is an exception to the standard policy of data being classified at its highest level.
  • External Steward Data - Data for which the University is a gatekeeper, such as movies or media that we are not directly licensed for but are offering to our community via an external partnership
  • Human Resources Data - Includes salary, benefits information, medical information not covered under Restricted.
  • Other University-owned non-public data - Anything not already listed in the chart that should not be considered public.  Every piece of data at NYU defaults to this category until it is further classified or permission is granted to make the data public.

Return to the Data Classification Table >>



Contact


For all questions pertaining to the data classification table, please contact the Technology Security Services group at security@nyu.edu.

Page last reviewed: March 4, 2014