What is Protected Data?

Protected Data is a general term for information that wouldn't be considered public, or that needs to be protected for any reason. The term applies to all data classified at or above Protection Level P2 or Availability Level A2. Common examples of Protected Data include, but are not limited to "Notice Triggering Data," "PCI Data,"  "Home and Family Data," "PII Data," “FERPA-Protected Data,” and "Contractual Protected Data" as defined below. Please review the Berkeley Data Classification Standard for information and requirements specific to the UC Berkeley Campus.  

Notice Triggering Data is the UC Berkeley term used to refer to data elements with a Statutory Requirement for Notification to affected parties in case of a confidentiality breach.  A breach of this data requires us to notify all impacted individuals.  Examples include the following. Please see our Glossary for a more complete list.

  • First name or first initial, and last name in combination with one or more of the following:
  • Social security number,
  • Or driver's license number,
  • Or California identification number,
  • Or other government issued identification numbers such as passport number or military ID number,
  • Or financial account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account,
  • Or personal medical information,
  • Or personal health insurance information,
  • Or certain types of biometric and generic data.

PCI Data is defined by the Payment Card Industry Security Council as: 

  • a Credit Card number (primary account number or PAN) and one or more of the following:
  • Cardholder Name
  • Service Code
  • Expiration Date

Home and Family Data includes information such as any information that describes an individual's place of residence, personal phone numbers, fax numbers, email addresses, or information about an individual's family members, such as names, ages, residences.

PII Data is defined by the State of California as personally identifiable data which is broadly interpreted to mean information about an individual maintained with sufficient information to readily identify the individual. Student records with name or SID, employee records with name or employee ID, financial records with name or account number are examples of PII.

FERPA-Protected Data refers to student records protected under the Federal Family Educational Rights and Privacy Act of 1974 (FERPA). Examples of FERPA-Protected Data include Student ID, transcripts (grades), exam papers, evaluations, financial aid and loan records, and directory information for students who have requested that information about them not be released as public information.

Contractually Protected Data is defined as any information identified within a formal legal agreement that obligates the Campus to keep confidential or restrict access.  Examples include information under non-disclosure and third-party proprietary or confidential information. 

Please contact security@berkeley.edu if you have any questions about specific types of information, whether it is "protected" and what privacy and security protections are relevant.