Data Classification Table
The Data Classification Table is meant to describe the confidentiality of the data in question, and does not factor in the integrity or availability requirements in its rating. Note that if a piece of data fits into more than one category it is considered to be the highest of those classes.
This Data Classification Table was created by the NYU IT Office of Information Security (OIS) and adopted by the Data Protection Risk Analysis Project Team. For questions, including from global locations, regarding its contents, please contact firstname.lastname@example.org. Local privacy laws and regulations may vary at NYU's global locations; please check with OIS to determine that you are safeguarding the data appropriately.
Click here to download the Data Classification Table as a PDF.
Data whose unauthorized
access or loss could
seriously or adversely
affect NYU, a partner, or
Data with a less high level
of importance, but that
should be protected from
All other non-public data
not included in the
Restricted or Protected
All public data
Examples to illustrate Items marked with an * above.
- Central authentication credentials - NYU NetID and password combinations. Does not include local password stores on desktops, laptops, handheld devices, departmental servers, etc.
- University Financial Data on Central Systems - Financial data at the system of record, where modification of that data would impact University processes. Does not include representation of that data elsewhere, such as in a report.
- Protected Data Related to Research - Research data which is strictly guided by federal regulation. Depending on the subject matter, there may be more stringent requirements for your grant, from the OSP or the IRB. This does not include most grant-based research including projects based on NSF-grants.
- Public Safety Information - Includes data containing and/or related to confidential investigation records.
- University Intellectual Property - Includes data which the University may patent or gain from financially. Does not include copyrighted materials which are publicly available, e.g. torch logo, etc.
- University Proprietary Data - Includes data which the University may stand to suffer financial and/or reputational loss as a result of a breach but that is neither Restricted nor Confidential data, e.g. general donor information, etc.
- FERPA - (Family Educational Rights and Privacy Act) This includes non-directory FERPA information not already listed in Restricted or Confidential. Note this is an exception to the standard policy of data being classified at its highest level.
- External Steward Data - Data for which the University is a gatekeeper, such as movies or media that we are not directly licensed for but are offering to our community via an external partnership
- Human Resources Data - Includes salary, benefits information, medical information not covered under Restricted.
- Other University-owned non-public data - Anything not already listed in the chart that should not be considered public. Every piece of data at NYU defaults to this category until it is further classified or permission is granted to make the data public.
For all questions pertaining to the data classification table, please contact the NYU IT Office of Information Security (OIS) at email@example.com.