Data Classification and Protection Levels

Data Classification Protection Levels:

Impact of loss of confidentiality or integrity

UC BFB IS-3 establishes that Institutional Information and IT Resources must be protected according to their classifications. Summary definitions and key examples of each level are included below. Full definitions and additional examples are available in the Data Classification Table within the Data Classification Standard.  Additionally, a printable copy of the chart below is available for download.

 

Protection Level:

Summary Definition:

Key Examples:

P4 Level Flag

Information and IT Resources requiring the highest level of confidentiality or integrity, including Notice-Triggering data and "Shared-Fate" data and systems.

  • “Notice-triggering” data elements such as SSN and other government-issued ID numbers, driver’s license, financial account, or credit card numbers, personal medical or personal health insurance information

  • Passwords, PINs, passphrases, and private keys

  • Personally identifiable financial aid and student loan information

  • Official financial, accounting, and payroll systems of record

  • High risk human subject research data, including certain types of individually identifiable genetic information

P3 Level Flag

Information and IT Resources whose unauthorized use, access, disclosure, modification, loss or deletion could result in moderate harm or damage.

  • Personally identifiable information not already classified as P4

  • FERPA-Protected Student Records (including Student ID) not containing P4 information

  • Staff and academic Personnel Records not containing P4 information

P2 Level Flag

Institutional Information and IT Resources that are generally not intended for public use or access and may only be accessed on a need-to-know basis.

  • Information intended for release only on a need-to-know basis

  • De-identified human subject or patient information (with negligible re-identification risk and no Notice-Triggering data elements)

  • Public Directory Information for faculty, staff, and students who have not requested a FERPA block

  • UC Path Employee ID

P1 Level Flag

Information intended for public access, but whose integrity is important.

  • Public-facing informational websites

  • Course listings and prerequisites

  • Press releases

  • Published research