Data Classification¶
University data is classified into three categories. These classifications are outlined by ITS:
https://security.utexas.edu/policies/data_classification
As it pertains to the encryption policy, the relevant data category is “Category-I Data”
What is Category-I data?¶
Data that is protected by federal or state law or University of Texas rules and regulation is classified as “Category-I”. Anything protected by HIPAA, FERPA, Sarbanes-Oxley, Gramm-Leach-Bliley, the Texas Identity Theft Enforcement and Protection Act, or University of Texas System Policies falls under this category.
ITS has compiled an extensive list of examples of Category-I data:
https://security.utexas.edu/policies/extended-cat-1
Some relevant excerpts from this list include:
Social Security Numbers
Grades (including test scores, assignments, and class grades)
Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills
Access device numbers (ISO number, building access code, etc.)
Employee personal financial information, including non-UT income level and sources
Biometric identifiers
User account passwords