Stanford's Information Security Office defines three levels of non-public information: Prohibited, Restricted, and Confidential. For each level, they have defined who is allowed access to the information, and how that information is permitted to be stored and transmitted. For the full definitions of each category, see the official Data Classification Chart.
If you have further questions, including questions about specific kinds of data (student records, grades, applications, etc), see the FAQ for handling Prohibited and Restricted Data.
Cheat Sheet (For the full definitions, see the Official Chart.)
Information is classified as “Prohibited” if protection of the information is required by law or regulation, or if Stanford is required to report to the government and/or the individual if information is inappropriately accessed.
- Social Security Numbers
- Credit Card Numbers
- Financial Account Numbers (such as checking or investment accounts)
- Driver's License Numbers
- Health Insurance Policy ID Numbers
** You should never store any of this data on any of your computers at ALL, without the express permission of the Data Governance Board. This information is required to be encrypted.
- Health information, including PHI (Protected Health Information)
- Passport and travel visa numbers
- Research and other information covered by non-disclosure agreements
- Export-controlled information under U.S. laws
This information is required to be encrypted.
If you are unsure about what you need to do, contact the IRT Service Desk at 5-8000 and the folks there will answer your questions.