New York University Skip to Content Skip to Search Skip to Navigation Skip to Sub Navigation


Data Classification

General Information

The Data Classification table is meant to describe the confidentiality of the data in question, and does not factor in the integrity or availability requirements in its rating. Note that if a piece of data fits into more than one category it is considered to be the highest of those classes.

This Data Classification Table was created by NYU IT Technology Security Services and adopted by the Data Protection Risk Analysis Project Team. For questions, including from global locations, regarding its contents, please contact

To download the Data Classification Table as a PDF, click here.


Data ClassificationInstitutional Risk from DisclosureDescriptionExamples





Data whose unauthorized access or loss could seriously or adversely affect NYU, a partner, or the public.

  • Social Security Number
  • Driver's License Number
  • Bank/Financial Account Number
  • Credit/Debit Card Number
  • Electronic Protected Health Information
  • Central Authentication Credentials*
  • University Financial Data on Central Systems*





Data with a less high level of importance, but that should be protected from general access.

  • University Intellectual Property*
  • University Proprietary Data*
  • Passport Number
  • Final Course Grades
  • FERPA*
  • External Steward Data*
  • Human Resources Data*
  • Protected Data Related to Research*





All other non-public data not included in the Restricted or Protected classes

  • NetID
  • University Identification Number
  • Licensed Software
  • Other University Owned Non-Public Data*





All public data

  • General access data, such as that on unauthenticated portions of

Further Clarification

Examples to illustrate Items marked with an * above.

  • Central authentication credentials - NYU NetID and password combinations. Does not include local password stores on desktops, laptops, handheld devices, departmental servers, etc.
  • University Financial Data on Central Systems - Financial data at the system of record, where modification of that data would impact University processes. Does not include representation of that data elsewhere, such as in a report.
  • Protected Data Related to Research - Research data which is strictly guided by federal regulation. Depending on the subject matter, there may be more stringent requirements for your grant, from the OSP or the IRB. This does not include most grant-based research including projects based on NSF-grants.
  • Public Safety Information - Includes data containing and/or related to confidential investigation records.
  • University Intellectual Property - Includes data which the University may patent or gain from financially.  Does not include copyrighted materials which are publicly available, e.g. torch logo, etc.
  • University Proprietary Data - Includes data which the University may stand to suffer financial and/or reputational loss as a result of a breach but that is neither Restricted nor Confidential data, e.g. general donor information, etc.
  • FERPA - (Family Educational Rights and Privacy Act) This includes non-directory FERPA information not already listed in Restricted or Confidential. Note this is an exception to the standard policy of data being classified at its highest level.
  • External Steward Data - Data for which the University is a gatekeeper, such as movies or media that we are not directly licensed for but are offering to our community via an external partnership
  • Human Resources Data - Includes salary, benefits information, medical information not covered under Restricted.
  • Other University-owned non-public data - Anything not already listed in the chart that should not be considered public.  Every piece of data at NYU defaults to this category until it is further classified or permission is granted to make the data public.


For all questions pertaining to the data classification table, please contact the Technology Security Services group at

  1. Dates of official enactment and amendments:
  2. History: Issued: 06/19/07 Officially Enacted: 02/10/12 Amended: 01/22/15
  3. Cross References:

About This Policy

Effective Date: February 10, 2012
Issuing Authority: Vice President, Information Technology & Chief Information Technology Officer
Responsible Officer: NYU IT Technology Security Services
NYU Footer