Computing and Information Services Back to CIS Home Page Back to Brown Home Page

Guidelines for Safeguarding Information

Data Classification

The following chart provides definitions and examples of Brown's three data categories: Public, Regulated, and Brown Confidential. Much information classified as "Public" must also be adequately protected. Such information, if inappropriately accessed and altered in some way, could cause damage to the University.
Public Data
Regulated Data
Brown Confidential Data
Definition
Information that can be shared with anyone without damage to the University.
Information is subject to regulatory compliance
Everything else
Risk
Minimal but possible
High
Medium to High
Examples
  • Official statements, and press releases
  • Campus maps
  • Personal directory data (e.g., contact info)
  • Email

 

Student Information (FERPA):
  • Grades
  • Student financial information
  • Credit card numbers
  • Bank accounts
  • Wire transfers
  • Payment history
  • Financial aid / grants
  • Student bills
The following data may ordinarily be revealed by the University without student consent unless the student designates otherwise (for more information, see the U.S. Department of Education's FERPA web page):
  • Name
  • Date of birth
  • Place of birth
  • Phone number
  • Electronic mail address
  • Mailing address
  • Campus office address (grad students)
  • Secondary mailing or permanent address
  • Residence assignment and room or apartment number
  • Specific quarters or semesters of registration at Brown
  • Degree(s) awarded and date(s)
  • Major(s), minor(s), and field(s)
  • University degree honors
  • Institution attended immediately prior to Brown
  • ID card photographs for University classroom use
Employee Information:
  • Social security number (includes partials, such as last four digits)
  • Salary
  • Date of birth
  • Home address or personal contact information
  • Performance reviews
Donor Information:
  • Name
  • Graduating class & degree(s)
  • Credit card numbers
  • Bank account numbers
  • Social security numbers
  • Giving history
  • Addresses
  • Telephone / fax numbers
  • Email addresses, URLs
  • Employment information
  • Family information (spouse(s) / children / grandchildren)

With permission from Stanford University for use of their Classification of Data document as a model

* Note: Brown is not subject to HIPAA compliance.

Related Documents

Guidelines for Safeguarding Information | Data Protection Roles | Confidentiality Agreement Template
Computing Policy for Brown University (home)

Questions or comments to: ITPolicy@brown.edu

Effective Date: May 17, 2006

Page Last Reviewed Friday, 16-Nov-2007 10:43:05 EST by pfalcon