Indiana University
University Information Technology Services
  
What is sensitive data, and how is it protected by law?

In the course of its academic mission and its day-to-day administration, Indiana University collects large amounts of personal data on its students, faculty, and staff. Much of this data is not sensitive and is in fact publicly available (e.g., names and telephone numbers). However, some of it is sensitive, including personal, financial, and legal information. Sensitive data includes information protected by Indiana or federal law as well as information protected by university policy.

Following are some examples of sensitive data. This list is not exhaustive. Often, context plays a role in data sensitivity. However, the items below are prominent examples of data protected by state and federal law and university policy:

  • Personal and financial data, including:

    • Social Security number (SSN)
    • Credit card number or banking information
    • Tax information
    • Credit reports
    • Anything that can be used to facilitate identity theft (e.g., mother's maiden name)

  • Federally protected data, including:

    • FERPA-protected information (e.g., student information and grades)
    • HIPAA-protected information (e.g., health, medical, or psychological information)

  • State-protected data

    The state of Indiana has recently enacted data protection and disclosure laws, specifying certain data as sensitive "personal information". Indiana's notification law reads:

    Sec. 3. (a) As used in this chapter, "personal information" means:

    1. An individual's:

      1. First name and last name; or
      2. First initial and last name; and

    2. At least one (1) of the following data elements:

      1. Social Security number
      2. Driver's license number or identification card number
      3. Account number, credit card number, debit card number, security code, access code, or password of an individual's financial account

  • University restricted data (limited access or institutional data)

  • Human subjects research data

  • Passwords

Following are some examples of non-sensitive data. Again, this list is not exhaustive:

  • Publicly available information that is lawfully made available to the public from records of another federal or local agency
  • Information that would appear in the telephone directory
  • The last four digits only of a Social Security number or credit card number

For more information about data protection, see Protection of Sensitive Institutional and Personal Data.

This is document augs in domain all.
Last modified on May 13, 2009.
