Data Classification and Protection Levels

Data Classification Protection Levels:

Impact of loss of confidentiality or integrity

UC BFB IS-3 establishes that Institutional Information and IT Resources must be protected according to their classifications. Summary definitions and key examples of each level are included below. Full definitions and additional examples are available in the Data Classification Table within the Data Classification Standard. Additionally, a printable copy of the summary below is available for download.

Each Protection Level is listed below with its Summary Definition and Key Examples:

Protection Level P4

Information and IT Resources requiring the highest level of confidentiality or integrity, including Notice-Triggering data and "Shared-Fate" data and systems.

  • “Notice-triggering” data elements such as SSN, driver’s license, financial account, or credit card numbers, and personal medical or personal health insurance information

  • Passwords, PINs and passphrases

  • Financial aid and student loan information

  • Official financial, accounting, and payroll systems of record

  • Individually identifiable human subject research data or genetic information

Protection Level P3

Information and IT Resources whose unauthorized use, access, disclosure, modification, loss or deletion could result in moderate harm or damage.

  • Personally identifiable information not already classified as P4

  • FERPA-Protected Student Records (including Student ID) not containing P4 information

  • Staff and academic Personnel Records (including Employee ID) not containing P4 information

Protection Level P2

Institutional Information and IT Resources that are generally not intended for public use or access and may only be accessed on a need-to-know basis.

  • Information intended for release only on a need-to-know basis

  • De-identified human subject or patient information (with negligible re-identification risk)

  • Public Directory Information for faculty, staff, and students who have not requested a FERPA block

Protection Level P1

Information intended for public access, but whose integrity is important.

  • Public-facing informational websites

  • Course listings and prerequisites

  • Press releases

  • Published research