Information Security

Level 1, 2 and 3 Data

What is university data?

University data covers any item of information that is collected, maintained, and used by the University for the purpose of carrying out the business of the University, subject to or limited by any overriding contractual or statutory regulations. University data may be stored either digitally or on paper and may take many forms, including, but not limited to, text, graphics, images, sound, and video. Research data, scholarly work by faculty or students, and intellectual property that does not contain personally identifiable information or other data protected by law or University policy is not considered University data, nor is an individual’s own personally identifiable information (PII) unless it's used as described above. University data must be available to the University and other individuals as required under University policies and is subject to CSU Policy & Standards (PDF)CSU, Chico Data Classification (PDF), and other appropriate controls depending on the sensitivity of the data.

Level 1-(PII) Confidential: Data governed by existing law or statue such as:

  • (PII) Social Security number and name, credit card numbers and cardholder name, driver’s license number and name
  • (ePHI) Health information

Level 2-Internal: Information that must be protected because of ethical or privacy concerns such as:

  • Grades
  • Disciplinary actions
  • Student photo.
  • FERPA information

Level 3-General: Information such as title, email address, or other directory information that is freely available in the public domain.

  • FERPA directory information