Extended list of Confidential Data
Table of Contents
- This document provides an expanded list of representative examples of data classified as Confidential data. This list is provided to help IT- owners and custodians with a way to evaluate the level of protections required for their systems.
NOTE: Social Security numbers may be stored on only authorized systems, such as the payroll system. They are released only as required by law; for example, to the IRS for tax purposes.
This list is not all-inclusive, and it does not cover the release of information.
The following information is confidential:
- Social Security number
- Patient names, street address, city, county, zip code, telephone / fax numbers
- Dates (except year) related to an individual, account / medical record numbers, health plan beneficiary numbers
- Personal vehicle information
- Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers and full face images
- Any other unique identifying number, characteristic, or code
- Payment Guarantor's information
The following information is confidential. This applies to both enrolled and prospective student data.
- Full Student Identification Number (ID)
- Partial Student ID (including last four digits)
- Social Security number
- Grades (including test scores, assignments, and class grades)
- Student financial, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
- Date of birth
Note that for enrolled students, the following data may ordinarily be revealed by the university without student consent unless the student designates otherwise:
- Name, directory address and phone number, mailing address, secondary mailing or permanent address, residence assignment and room or apartment number, campus office address (for graduate students)
- Place of birth
- Electronic mail address
- Specific semesters of registration at UTRGV; UTRGV degree(s) awarded and date(s); major(s), minor(s), and field(s); university degree honors
- Institution attended immediately prior to UTRGV
- ID card photographs for course instructor use
The following information is confidential:
- Social Security number
- Name
- Personal financial information
- Family information
- Medical information
- Credit card numbers, bank account numbers, amount / what donated
- Telephone / fax numbers, e-mail, URLs
The following information is confidential:
- Human subject information. Refer to the Institutional Review Board Web site (www.utrgv.edu/research/for-researchers/human-subjects-research) for more information on research involving human subjects.
- Sensitive digital research data
- Export Controlled Information – ITAR and EAR - Information or technology controlled under the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR) as described below, is confidential:
- Information which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of a controlled item or product. This includes information in the form of blueprints, drawings, photographs, plans, instructions or documentation.
- Classified information relating to defense articles and defense services;
- Information covered by an invention secrecy order;
- Software directly related to a controlled item;
There can be confusion over which rules apply when an employee is also a student. The rule of thumb is that the student rules apply when the employee is in a student job title.
The following employee information is confidential:
- Social Security number
- Date of Birth
- Personal financial information, including non-UT income level and sources
- Insurance benefit information
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
- Family information, home address, and home phone number may be revealed unless restricted by the employee. UTRGV employees can restrict this information in Oracle.
Please note that information considered public, such as employee names, salary, and performance review information, would be released under an open records request.
The following information is confidential:
- Vendor social security number
- Credit card information
- Contract information (between UTRGV and a third party)
- Access device numbers (ISO number, building access code, etc.)
- Biometric identifiers
- Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
The following information is confidential:
- Information pertaining to the Office of Institutional Relations and Legal Affairs
- Financial records
- Contracts
- Physical plant detail
- Credit card numbers
- Certain management information
- Critical infrastructure detail
- User account passwords
- User Identification Number (UIN)
Version |
Date |
New |
Original |
2.0 | 3/20/2017 | Created document |
Name |
Role |
Date |
Thomas Owen | Approval | 4/13/2017 |