.. vim: syntax=rst

.. _encryption-data:

===================
Data Classification
===================

University data is classified into three categories. These classifications are outlined by ITS:

https://security.utexas.edu/policies/data_classification

As it pertains to the encryption policy, the relevant data category is "Category-I Data"

What is Category-I data?
========================

Data that is protected by federal or state law or University of Texas rules and regulation is classified as "Category-I". Anything protected by HIPAA, FERPA, Sarbanes-Oxley, Gramm-Leach-Bliley, the Texas Identity Theft Enforcement and Protection Act,  or University of Texas System Policies falls under this category.

ITS has compiled an extensive list of examples of Category-I data:

https://security.utexas.edu/policies/extended-cat-1

Some relevant excerpts from this list include:

 - Social Security Numbers
 - Grades (including test scores, assignments, and class grades)
 - Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills
 - Access device numbers (ISO number, building access code, etc.) 
 - Employee personal financial information, including non-UT income level and sources 
 - Biometric identifiers
 - User account passwords