Skip to main content

Information Security Office

Data Classification Examples

This document provides an expanded list of representative examples the data classification types. This list is provided to help owners and custodians with a way to evaluate the level of protections required for their systems.

NOTE: Social Security numbers may be stored on only authorized systems, such as the payroll system. They are released only as required by law; for example, to the IRS for tax purposes.

These lists are not all-inclusive, and it does not cover the release of information.

Examples of Category-I (Confidential) Data

University data protected specifically by federal or state law or University of Texas rules and regulations (e.g., HIPAA; FERPA; U.S. Export Controlled information; Sarbanes Oxley, Gramm-Leach-Bliley; the Texas Identity Theft Enforcement and Protection Act; University of Texas System Policies; specific donor and employee data). University data that are not otherwise protected by a known civil statute or regulation, but which must be protected due to contractual agreements requiring confidentiality, integrity, or availability considerations (e.g., Non Disclosure Agreements, Memoranda of Understanding, Service Level Agreements, Granting or Funding Agency Agreements, etc.)

  • Social Security Number
  • Tax ID Number
  • Driver License Number
  • State Identification Number
  • Passport Number
  • Bank Account Number
  • Credit or Debit Card Number
  • Patient Medical/Health Information
  • Biometric Identifiers
  • Student Records
  • Donor/Alumni Information
  • Employee Information
  • User Authentication Credentials
  • Hazmat/Controlled Drug/Chemical/Radiological information
  • Research data involving identified human subjects
  • Research subject to Export Controls (e.g. ITAR or EAR)
  • Encryption Keys
  • Confidential University Information
  • Confidential Third Party/Vendor Data
  • Other category I data

Examples of Category-II (Controlled) Data

University data not otherwise identified as Category-I data, but which are releasable in accordance with the Texas Public Information Act (e.g., contents of specific e-mail, salary, etc.). Such data must be appropriately protected to ensure a controlled and lawful release.

  • Copies of email
  • Salary
  • Non-confidential Third Party/Vendor Information
  • Research information or data not involving identified human subjects
  • Physical Plant Detail
  • Certificate / Credential License numbers
  • Controlled Business/Vendor Data
  • Proprietary Institutional Information
  • Critical Infrastructure Detail
  • Unpublished Research
  • Other category II data

Category-III (Published or Public) Data

University data not otherwise identified as Category-I (Confidential) or Category-II (Controlled) data that is publicly available. Such data have no requirement for confidentiality, integrity, or availability.