Data Classification

University data is classified into three categories. These classifications are outlined by ITS:

As it pertains to the encryption policy, the relevant data category is “Category-I Data”

What is Category-I data?

Data that is protected by federal or state law or University of Texas rules and regulation is classified as “Category-I”. Anything protected by HIPAA, FERPA, Sarbanes-Oxley, Gramm-Leach-Bliley, the Texas Identity Theft Enforcement and Protection Act, or University of Texas System Policies falls under this category.

ITS has compiled an extensive list of examples of Category-I data:

Some relevant excerpts from this list include:

  • Social Security Numbers

  • Grades (including test scores, assignments, and class grades)

  • Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills

  • Access device numbers (ISO number, building access code, etc.)

  • Employee personal financial information, including non-UT income level and sources

  • Biometric identifiers

  • User account passwords