Extended List of Confidential Data

This document is referred to in the Policy on the Security Requirements for Protecting University Data at Rest.

Sensitive University Data is data that is considered Registered Confidential or Confidential (based on the Data Classification policy). It is data that is regulated by Federal or State laws including but not limited to:

  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Electronic Communications Privacy Act (ECPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Children's Online Privacy Protection Act (COPPA)
  • Freedom of Information Act (FOIA)
  • Connecticut Personal Data Act
  • Federal Trade Commission (FTC) Red Flag Rule (Identity Theft Regulation) or other relevant University policies or procedures.

The following data elements require the highest level of protection. This list may expand based on future regulatory requirements. This list is not to be construed as a comprehensive list. Other data may also require similar protections. Contact your Department's IT Security representative and/or the Assistant Director of Compliance/Privacy to discuss the security measures that must be implemented for all other data that is not considered public.

SSN and Other Personally Identifiable Information

  • Name (First name or initial and Last name), when stored or displayed with one or more of the other listed data elements
  • Social Security Number
  • Driver's license number
  • State identification card number
  • Financial account numbers such as credit, debit, or bank account numbers
  • Passport number
  • Alien registration number
  • Health insurance identification number
  • Home address or phone number of individuals in protected classes (FOIA)

Credit Card Information

  • Primary Account Number (when stored with any other information below)
  • Cardholder Name
  • Service Code
  • Expiration Date

(Individual) Student University Records

  • Grades/Transcripts/Test scores
  • Courses taken/Schedule
  • Advising records
  • Educational services received
  • Disciplinary actions
  • Student Financial Aid, Grants, and Loans
  • Financial account and payment information including billing statements, bank account and credit card information
  • Admissions and recruiting information including test scores, high school grade point average, high school class rank, etc.
  • Student Personnel records

Refer to the University's FERPA policy for additional information.

Personal Health Information

  • Information that identifies the individual, or could reasonably be used to identify the individual, including, but not limited to, name, addresses, telephone/fax number, medical record number, birthday, admission/discharge date, vehicle ID and serial number, device IDs and serial number, certificate/license numbers, biometric identifiers, full-face images, other unique identifying number/characteristic/code.
  • Information about the patient's past, present or future physical or mental health or condition
  • Information relating to the provision of, or payment for, health care

Financial Data

  • Employee financial account information
  • Student financial account information - aid/grants/bills (covered under FERPA)
  • Individual financial information
  • Business partner and vendor financial account information