Data Classification

Unrestricted/Public Information

Information that may be disclosed to the general public without harm.

Examples: public phone directory, course catalogs, public research findings, enrollment figures, public websites, general benefits information, press releases, newsletters, etc.

Sensitive Information

Sensitive information is information that should be kept confidential. Access to this information shall require authorization and legitimate need-to-know. Privacy may be required by law or contract.

Sensitive information includes, but is not limited to, non-directory information covered by the Family Educational Rights and Privacy Act (FERPA), budgetary plans, proprietary business plans, patent-pending information, and any other information whose privacy is protected by law.

Restricted Information

Restricted information includes, but is not limited to: Social Security numbers, medical information, biometric information, financial information, government-issued identification information, and access information, including a user name or email address in combination with a password or security question and answer, or a security code, access code, expiration information or PIN that would permit access to an online account that is reasonably likely to contain or is used to obtain restricted information.

Need help finding restricted information on your machine or in your mailbox? Spirion is a software package that searches data stored on your machine. With Spirion, UA faculty and staff can proactively find restricted data on their University-owned machines.

Laws and Policies

Laws and regulations include, but are not limited to:

  • Alabama Data Breach Notification Act of 2018 and other applicable breach notification laws
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH)
  • Gramm-Leach-Bliley Act (GLB Act or GLBA)
  • Payment Card Industry Data Security Standards (PCI DSS)
  • Federal Information Security Management Act (FISMA)
  • General Data Protection Regulation (GDPR) and other international privacy laws and regulations

University Policy

Visit the UA Policy website to view the Information Classification Policy in its entirety. OIT Security maintains an Information Protection Procedure to support the policy. If you access sensitive or restricted information for your job duties at UA, you should only use University equipment. Personal computers should not be used to access sensitive or restricted information.


Looking for a secure storage solution?

Consider OneDrive or Box to store information in a secure cloud environment! View our document management matrix below to see secure storage options.

Document Management Matrix

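| Available Services              | Unrestricted/Public Information | Sensitive Information | Restricted Information |
|---------------------------------|---------------------------------|-----------------------|------------------------|
| Blackboard Learn                | Yes                             | Yes                   | Yes                    |
| UA Box                          | Yes                             | Yes                   | Yes                    |
| UA Email                        | Yes                             | Caution               | Caution                |
| Microsoft Forms                 | Yes                             | Caution               | Caution                |
| OnBase                          | Yes                             | Caution               | Caution                |
| UA OneDrive                     | Yes                             | Yes                   | Yes                    |
| UA Qualtrics                    | Yes                             | Yes                   | Caution                |
| Removable Media (USB, CD, etc.) | Yes                             | Yes                   | Yes                    |
| UA Shared Network Drive         | Yes                             | Yes                   | No                     |
| UA SharePoint                   | Yes                             | Caution               | No                     |
| Teams                           | Yes                             | Yes                   | Caution                |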

Data Examples

Unrestricted/Public Information

  • Public directory
  • Course catalogs
  • Public research findings
  • Public websites
  • Policies

Sensitive Information

  • FERPA data
  • Budgetary plans
  • Business plans
  • Patent-pending information
  • Information protected by law

Restricted Information

  • Social Security Numbers
  • Medical information (PHI)
  • Financial information
  • Biometric data
  • Government identification

For guidance on using Microsoft Forms with sensitive data, click here.

Passwords should always be stored in Keeper.