This site requires JavaScript to be enabled

Information Resources and Technology


8030.0 - Personnel Information Security Data Classification Standard

Sacramento State has classification levels that are referred to as level 1, level 2, and level 3 data. This article provides detailed descriptions and examples on what constitutes each data level.

Number: 8030.0 Revised: August 15, 2010

Sacramento State has identified three classification levels that are referred to as level 1, level 2, and level 3 data. Although all the enumerated data values require some level of protection, particular data values are considered more sensitive and correspondingly tighter controls are required for these values. The most critical level of sensitivity begins with Level 1. Levels 1 and level 2 are considered protected levels.

Level 1 ConfidentialLevel 1 data comprises identity, health and financial data that can lead to serious identity theft if exposed. Disclosure of this information can cause the most serious harm to individuals and to the campus. In most cases, legal statutes, regulation, and other mandates require special handling and protection of such data. In particular, disclosure, modification, transmission, storage or handling of this data is strictly controlled and limited to circumstances when use of the data is essential for campus academic and business processes. Examples of Level 1 data are provided in the following cell.
  • Social Security number and name
  • Birth date (full: mm-dd-yy or partial: mm-dd only) combined with last four of Social Security number and name (any combination or part of first, middle and last)
  • Passwords or credentials
  • Driver's license number, state identification card, and other forms of national or international identification in combination with name
  • Credit card numbers with cardholder name
  • Bank account or debt card information
  • Medical records related to an individual
  • Psychological Counseling records related to an individual
  • PINs (Personal Identification Numbers)
  • Tax ID with name
  • Vulnerability/security information related to the campus or a system
Level 2 Business UseLevel 2 data comprises data that is available for disclosure, but only under strictly controlled circumstances. Such information must typically be restricted due to proprietary, ethical or privacy considerations. An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information.  Another example is employee personal information, such as home address and home phone.
  • Birth date (full: mm-dd-yy or partial: mm-dd only) and name (any combination or part of first, middle and last)
  • Mother's maiden name
  • Educational records (Excludes directory information), including grades, courses taken, schedule, test scores, advising records, educational services received and disciplinary actions
  • Employee personal information including birth date (full: mm-dd-yy or partial: mm-dd only), birthplace (City, State, Country), ethnicity, gender, marital status, home address, personal phone numbers, personal email addresses, parents and other family member's names, personal characteristics, physical description, biometric information and photograph
  • Employment history including net salary, payment history, employee evaluations and background investigations
  • Electronic or digitized signatures
  • Legal investigations conducted by the University
  • Sealed Bids
  • Trade secrets or intellectual property such as research activities
  • Locations of assets
  • Linking a person with the specific subject about which the library user has requested information or materials
Level 3 PublicThis information is regarded as publicly available. These data values are either explicitly defined as public information (e.g., state employee salary ranges), intended to be readily available to individuals both on- and off- campus (e.g., an employee's work e-mail address), or not specifically classified elsewhere in the protected data classification standard. Publicly available data may still be subject to appropriate campus review or disclosure procedures to mitigate potential risks of inappropriate disclosure.
  • Sacramento State identification number (Employee ID)
  • User identification (SacLink ID)
  • Student directory information
  • Employee directory Information, including employee title, public email address, work location, telephone number, department, classification, gross salary, name (first, middle, last)
  • Financial budget information
  • Signature (non-electronic)

Information Security - KB0011467 by Long Lim | Published:2016-03-03 | Updated:2017-10-13 10:20:29 | Views::5,656

Version 1.4.2 (release notes)