Data Classification

Stanford's Information Security Office defines three levels of non-public information: Prohibited, Restricted, and Confidential. For each level, they have defined who is allowed access to the information, and how that information is permitted to be stored and transmitted. For the full definitions of each category, see the official Data Classification Chart.

If you have further questions, including questions about specific kinds of data (student records, grades, applications, etc), see the FAQ for handling Prohibited and Restricted Data.

Cheat Sheet (For the full definitions, see the Official Chart.)

PROHIBITED INFORMATION**

Information is classified as “Prohibited” if protection of the information is required by law or regulation, or if Stanford is required to report to the government and/or the individual if information is inappropriately accessed.

This includes:

  • Social Security Numbers
  • Credit Card Numbers
  • Financial Account Numbers (such as checking or investment accounts)
  • Driver's License Numbers
  • Health Insurance Policy ID Numbers


 ** You should never store any of this data on any of your computers at ALL, without the express permission of the Data Governance Board. This information is required to be encrypted.

RESTRICTED INFORMATION

This includes:

  • Health information, including PHI (Protected Health Information)
  • Passport and travel visa numbers
  • Research and other information covered by non-disclosure agreements
  • Export-controlled information under U.S. laws


This information is required to be encrypted.

CONFIDENTIAL INFORMATION

This includes:
  • Student Records
  • Research Data
  • Faculty/staff employment applications, personnel files, benefits, salary, birthdate, and personal contact information
  • Admission applications
  • Donor contact information and non-public gift amounts
  • Non-public Stanford policies
  • Stanford internal memos and email, and non-public reports, budgets, plans, and financial information
  • Non-public contracts
  • University and employee ID numbers

 

QUESTIONS?

If you are unsure about what you need to do, contact the IRT Service Desk at 5-8000 and the folks there will answer your questions.