Data Examples

Use the examples below to determine which risk classification is appropriate for a particular type of data. When mixed data falls into multiple risk categories, use the highest risk classification across all.

For additional information please see Rice Policies:

Rice Policy 808

Rice Policy 832

General Data

Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:

  • Information authorized to be available on or through the Rice Website without authentication
  • Policy and procedure manuals designated by the owner as public
  • Job postings
  • University contact information not designated by the individual as "private"
  • Information in the public domain
  • Publicly available campus maps

Private Data

Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:

  • Internal policies and procedures
  • Meeting agendas
  • Org Charts
  • University contact information designated by the individual as "private"
  • Individual or private group calendars
  • Training
  • Departmental information not intended for public consumption
  • Rice data classified as private under policy 832

Sensitive Data

Data and systems are classified as Moderate Risk if they are not considered to be High Risk, and:

  • Unpublished research data (at data owner's discretion)
  • Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact information
  • Personally Identifiable Information (PII)
  • Non-public contracts
  • Rice internal memos and email, non-public reports, budgets, plans, financial info
  • University and employee ID numbers
  • Project/task/award (PTA) numbers
  • Engineering, design, and operational information regarding Rice infrastructure
  • Rice data classified as sensitive under policy 808

Confidential and Regulated Data

Data and systems are classified as High Risk if:

  • Health Information, including Protected Health Information (PHI)
  • Health Insurance Policy ID numbers
  • Social Security Numbers
  • Credit card numbers (CID, Expiry information, CVV, etc.)
  • Financial account numbers
  • Export controlled information under U.S. laws
  • Driver's license numbers
  • Passport and visa numbers
  • Donor contact information and non-public gift information
  • Student records and admission applications (FERPA)
  • Rice data classified as confidential under policy 808