Types of data

There are four classification levels of institutional data at Indiana University.

Institutional Data is categorized into data classifications as defined in Policy DM01: Management of Institutional Data to ensure proper handling and sharing of data based on sensitivity and criticality of the information. Data classifications are listed below from most sensitive to least sensitive:

  • Critical

    Inappropriate handling of this data could result in criminal or civil penalties, identity theft, personal financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals.

  • Restricted

    Because of legal, ethical, or other constraints, this data may not be accessed without specific authorization. Only selective access may be granted.

  • University-Internal

    This data may be accessed by eligible employees and designated appointees of the university for purposes of university business. Access restrictions should be applied accordingly.

  • Public

    Few restrictions are placed on this data, as it is generally releasable to a member of the public upon request. Upon receipt of a request, seek advice from the appropriate data steward. If the request is made in regard to the Indiana open records statute, seek advice from the Office of the VP and General Counsel, as well as the appropriate Data Steward.

For a simplified picture of how some data are classified within data domains see the Classification Examples chart provided below.

For detailed information, use the Data Sharing and Handling (DSH) tool. This tool identifies how data have been classified, where it should be stored, and what laws and regulations should be considered. It also provides general guidance for sharing and disposing of each type of data. The tool is a simple 2 step process:

  1. identify the type of data you’re interested in by selecting a Domain,
  2. choose one of the categories of data presented to see detailed information.

For more background information, see: What is institutional data?

If you have more specific questions about data classification or the appropriate use of your data, after reviewing the content in the DSH tool, please contact the appropriate Data Steward. If you would like more complete information on data classification by domain, see the Data Classification Matrix.

Classification examples

The following chart shows examples of how some data is classified within each data domain.

Domain Critical Restricted University-Internal Public
Cross-domain identifiers (PII) SSN, Biometrics (finger and voice prints, facial scans) Last 4 digits of SSN University ID numbers Username
Student Driver’s license, passport, credit card or banking information, CrimsonCard magstripe Individual grades, academic transcript, class schedule, date of birth, advising notes, CrimsonCard barcode Student Address, Phone Student name, Major, Degree
Human Resources I-9 Form data; Payroll direct deposit account number  Employee home address, CrimsonCard barcode Employee offer letters, faculty tenure recommendations Employee name and compensation
Health Patient record Faculty/Staff Immunization record
Facilities Detailed floor plans showing gas, water, sprinkler shut-offs, hazardous materials Basic floor plans showing egress routes and shelter areas Campus map showing buildings, names, addresses, parking, lighted pathways, emergency phones, etc.