Body
This chart will help you identify the classification and risk level of various types of data you might handle as a part of your job.
This chart is a simplified version of Biola's data classification standard. For details on how to handle data in each protection level, read our Data Handling Guide on My Biola.
|
|
Key Examples |
Protection Level P4
(Highest Risk)
Data with the highest level of confidentiality, including data that could steal a person’s identity and which legally requires notification to affected parties in case of a confidentiality breach.
This also includes data that, if compromised, could jeopardize multiple systems. |
- Any data with Legal Requirement for Notification, including:
- SSN and other government-issued ID numbers
- Driver’s license numbers
- Credit card numbers
- Personal medical or health insurance information
- Enterprise databases (e.g. Ellucian Banner, Active Directory)
- Passwords, passphrases, or PINs
- Personally identifiable financial aid and student loan information
|
Protection Level P3
(Medium Risk)
Data that is legally protected, and could result in fines or civil actions if disclosed, lost, or compromised. |
- Any personal data that could identify a specific person that isn't already classified as legally-protected PII (P4), directory information (P2), or public information (P1).
- FERPA data (including Student ID numbers)
- HR & employee personnel records
- Donor information, including donation amounts
- Security camera recordings
- Industrial control systems affecting operations
|
Protection Level P2
(Low Risk)
Data not intended for public use, and should only be accessed on a need-to-know basis. |
- NetIDs
- Public Directory Information
- De-identified personal information (e.g. anonymous research data)
- Routine email and business records
- Exams (questions and answers)
- Proprietary business information or intellectual property that would have little or no impact on the reputation of the university if lost or released without Biola’s consent.
|
Protection Level P1
(Minimal Risk)
Data intended for public access. |
- Public-facing informational websites
- Course listings and prerequisites
- Press releases
- Published research
|