General Data (Low Risk)
Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:
- Research data (at owner's discretion)
- Rice UIDs
- Information authorized to be available on or through the Rice Website without authentication
- Policy and procedure manuals designated by the owner as public
- Job postings
- University contact information not designated by the individual as "private"
- Information in the public domain
- Publicly available campus maps
- Data already available in the public domain but not available due to a data breach
Sensitive Data (Moderate Risk)
Data and systems are classified as Moderate Risk if they are not considered to be High Risk, and:
- Unpublished research data (at data owner's discretion)
- Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information
- Non-public Rice policies and policy manuals
- Non-public contracts
- Rice internal memos and email, non-public reports, budgets, plans, financial info
- University and employee ID numbers
- Project/task/award (PTA) numbers
- Engineering, design, and operational information regarding Rice infrastructure
- Rice data classified as sensitive under policy 808
Confidential and Regulated Data (High Risk)
Data and systems are classified as High Risk if:
- Health Information, including Protected Health Information (PHI)
- Health Insurance policy ID numbers
- Social Security Numbers
- Credit card numbers
- Financial account numbers
- Export controlled information under U.S. laws
- Driver's license numbers
- Passport and visa numbers
- Donor contact information and non-public gift information
- Student records and admission applications
- Rice data classified as confidential under policy 808