What exactly is critical information?
Certain information requires special care and handling, especially when inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals. Many kinds of information require special handling. For example, all personally identifiable student education records, including grades, are sensitive and require reasonable levels of protection.
But some information is especially sensitive and is classified by IU as critical. Requiring the very highest level of protection, this critical information includes:
Social Security numbers (SSN)
Credit and debit card numbers
Bank account or other financial account numbers
Government IDs including driver’s license numbers, State ID card numbers, Passport numbers, and International Visa numbers
Student loan information
Protected health information or individually identifiable health information relating to past, present, or future conditions, provisions of health care, and payment for the provisions of health care
Foundation donor data
Passwords, passphrases, PIN numbers, security codes, and access codes.
Usually, a critical information element needs to be accompanied by an individual’s name in order to result in harm due to inappropriate handling, but not always.
Checkout IU's Data Sharing and Handling Tool which provides guidance on how to properly classify, store, and share the data you manage.
You may also check with the University Information Policy Office (UIPO) at uipo@iu.edu or 812-855-UIPO if you are unsure whether you need to apply special care and handling to the information elements and assets you use.