U.T. System policy organizes information into three categories, referred to as the Data Classification Standard. The U.T. System Data Classification Standard consists of three mutually exclusive data classifications based on fit within a spectrum indicating the degree to which access to the data must be restricted and data integrity and availability must be preserved. The three classifications are as follows:
Confidential Information
Information is classified as confidential if it must be protected from unauthorized disclosure or public release based on a state or federal law or regulation. U T. System policy requires that special steps be taken to protect confidential data. Specifically, the policy requires that U. T. System Administration protect the security of confidential data during transport and electronic transmission, including:
- identifying and transmitting the least amount of confidential data required to achieve the intended business objective;
- encrypting all confidential data transmitted over the internet;
- encrypting all confidential data transmitted between institutions and shared data centers; and
- deleting transmitted and received confidential data upon completion of the intended business objective.
Examples of confidential information
- Patient billing Information and protected health information (PHI) subject to HIPAA or applicable state law
- Student education records subject to FERPA
- A credit card number associated with an individual’s name
- A social security number
- Medical research data that contains protected health information
- Certain student loan Information subject to the Gramm Leach Bliley Act
Controlled Information
Controlled information is not generally created or made available for public consumption but may be subject to release to the public through request made via the Texas Public Information Act or similar state or federal law.
Examples of controlled information
- Operational budgets
- Employee salaries
- Expenditures
- Internal communications
Published Information
Published Information includes all data made available to the public through posting to public websites, distribution through email, social media, print publications, or other media.
Examples of published information
- Statistical reports
- Published research
- Organizational policies
- News and press releases
- Unrestricted directory information
- Educational content available to the public at no cost
