Data Classifications

Confidential

Sensitive

Public

Confidential

• Non-Public Personal Information (NPI) – Under the Gramm-Leach-Bliley Act, personally identifiable financial information provided by a consumer or information that results from, or information otherwise obtained by the university in order to provide a financial product or service from or through the university.
• Protected Health Information (PHI)– Information requiring special protections to ensure it is not disclosed to anyone who is unauthorized under the Health Insurance Portability and Accountability Act.
• Regulatory Protected Information – data that is protected by federal, state or local law and includes, but is not limited to PHI, NPI, and funded research.
• Personally Identifiable Information (PII) – An individual’s first name or first initial and last name plus one or more of the following data elements: (1) Social Security number; (2) driver’s license number or federal/state issued ID card number; (3) account numbers, credit card numbers or debit card numbers combined with any security code, access code, PIN or password needed to access an account
• Social Security numbers must not be used as a primary identifier for Temple-related individuals, except when required by law.
• Individual states have issued more stringent rules past the definition of PII. The following are examples of confidential data beyond the PII definition:
  • National identification number
  • Birth date or place (when used in conjunction with other personal information)
  • Taxpayer Identification number
  • Government Passports
  • Personal bank account information
  • Credit or debit card information
  • Medical records
  • Disciplinary records
  • Student financial records
  • Background Check/Investigation Results

Sensitive

• All data not defined as Public or Confidential Data.  This data may be accessed by anyone employed or working under contract for the university, in the conduct of bona fide university business with proper authorization.
• Education Records - any record stored or maintained by the university or an agent of the university, as defined in Temple’s Policy Regarding Confidentiality of Student Records (policy 03.20.11 ).
• The following are examples of sensitive data:
  • Exams or exam results
  • Home or emergency contact information
  • Certificate/license numbers
  • Payroll records
  • Vehicle identification numbers
  • Full face photographic and comparable images
  • Class lists
  • Final grades
  • Disciplinary records
  • Student financial records

Public

• Directory Information - Items considered directory information are listed in Temple’s Policy Regarding Confidentiality of Student Records (policy 03.20.11 ).
• Information that is publicly available and which, if altered or destroyed, would result in little or no risk to the university and its affiliates. The following are examples of publicly available data:
  • Temple University Fact Book
  • Press releases
  • Course information
  • Job descriptions
  • Marketing materials intended for the general public

Confidential

• Donor Information – Any personal information included with the donation amount - [Unless approved otherwise by the donor]
• Health Information: Fax Numbers, Email Address, Dates relating to the individual, Medical Record Numbers, Health Plan Beneficiary Numbers, Health Information - Account Numbers, Certificate/License Numbers, Device identifiers, URLs, IP Addresses, Health Information - Biometric Identifiers, Any other unique identifier, Telephone numbers, Names, Geographic information smaller than a state or province, Student Disability
• Social Security Number
• Driver's License Number
• Passport number
• Visa number
• State Identification Card Number
• Certificate/License number
• Credit Card number
• Debit Card Number
• Bank Account Number or other financial account numbers (includes Student Financial Loans) [In combination w/personally identifiable information, access accounts or password]
• Student Judicial and/or Disciplinary records
• Passwords, passphrases, PIN numbers, security codes, access codes
• System Logs

Sensitive

• Full Face Photographic Images
• Payroll information (e.g. W2, taxes, deductions, etc.)
• Date of Birth/Age
• Last 4 digits of Social Security Number
• Final Student Grades
• Library Circulation Records
• Exams
• Donor Information – Names, addresses and other personal information [No donation amount]
• Progress Grades, Test Scores
• Gender
• Emergency Contact
• Home Mailing Address
• Phone
• Ethnicity
• Military Status
• Veteran Status
• Citizenship
• Visa status
• Country of birth or citizenship
• Work Authorization (I-9)
• Job action reason (e.g. terminations or leave)
• Benefits enrollment info
• Marital Status
• Compensation
• Background Check Verification
• Previous work experience
• Education and Training Background
• Course Class lists
• Dates of first and last employment
• Salary Grade

Public

• AccessNet Username
• PCN Number
• TUid
• Names (First, Last, Preferred)
• Job Title
• Job Description
• University Address
• University Telephone Numbers
• Faculty/Staff/Administrator Email Address [Available via Directory]
• Press Releases
• Course Information
• Student Email Address
• Affiliation
• Department

Confidential, Sensitive and Public Data

• Microsoft Teams configured for HIPAA
• Temple University Storage (TUCloud/TUVault/Departmental Shares) [With encryption or on Temple HIPAA environment]
• Banner Document Management (Xtender) [Cannot be used to store Data Elements classified as Health Information.]
• TUsafesend.temple.edu (Secure Data Transport)

Sensitive and Public Data

• Microsoft OneDrive and Teams
• University Outlook 365 Email  — Using Encrypted Files, e.g. PGP, WinZip, 7zip
• Google Docs/Google Drive — Using Encrypted Files, e.g. PGP, WinZip, 7zip

Public Data

• BOX.COM
• DROPBOX
• EVERNOTE
• University Outlook 365 Email
• Google Docs/Google Drive
• iCloud
• Adobe Creative Cloud
• SyncWorks
• Workstation (Desktop, Laptop, Tablet)