Information Security Office

Data Classification Standard
Number: 8065.0 Revised: August 15, 2010

California State University, Sacramento has identified three classification levels, referred to as Level 1, Level 2, and Level 3 data. Although all the enumerated data values require some level of protection, particular data values are considered more sensitive, and correspondingly tighter controls are required for these values. The most critical level of sensitivity begins with Level 1. Level 1 and Level 2 are considered protected levels.

Classification Description Examples

Level 1
Confidential

Level 1 data comprises identity, health and financial data that can lead to serious identity theft if exposed. Disclosure of this information can cause the most serious harm to individuals and to the campus. In most cases, legal statutes, regulation, and other mandates require special handling and protection of such data. In particular, disclosure, modification, transmission, storage or handling of this data is strictly controlled and limited to circumstances when use of the data is essential for campus academic and business processes. Examples of Level 1 data are provided in the following cell.

  • Social Security number and name
  • Birth date (full: mm-dd-yy or partial: mm-dd only) combined with last four of Social Security number and name (any combination or part of first, middle and last)
  • Passwords or credentials
  • Driver’s license number, state identification card, and other forms of national or international identification in combination with name
  • Credit card numbers with cardholder name
  • Bank account or debit card information
  • Medical records related to an individual
  • Psychological Counseling records related to an individual
  • PINs (Personal Identification Numbers)
  • Tax ID with name
  • Vulnerability/security information related to the campus or a system

Level 2
Business Use

Level 2 data comprises data that is available for disclosure, but only under strictly controlled circumstances. Such information must typically be restricted due to proprietary, ethical or privacy considerations. An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information. Another example is employee personal information, such as home address and home phone.

  • Birth date (full: mm-dd-yy or partial: mm-dd only) and name (any combination or part of first, middle and last)
  • Mother’s maiden name
  • Educational records (excludes directory information), including grades, courses taken, schedule, test scores, advising records, educational services received and disciplinary actions
  • Employee personal information including birth date (full: mm-dd-yy or partial: mm-dd only), birthplace (city, state, country), ethnicity, gender, marital status, home address, personal phone numbers, personal email addresses, parents' and other family members' names, personal characteristics, physical description, biometric information and photograph
  • Employment history including net salary, payment history, employee evaluations and background investigations
  • Electronic or digitized signatures
  • Legal investigations conducted by the University
  • Sealed Bids
  • Trade secrets or intellectual property such as research activities
  • Locations of assets
  • Linking a person with the specific subject about which the library user has requested information or materials

Level 3
Public

This information is regarded as publicly available. These data values are either explicitly defined as public information (e.g., state employee salary ranges), intended to be readily available to individuals both on- and off-campus (e.g., an employee’s work e-mail address), or not specifically classified elsewhere in the protected data classification standard. Publicly available data may still be subject to appropriate campus review or disclosure procedures to mitigate potential risks of inappropriate disclosure.

  • Sacramento State identification number (Employee ID)
  • User identification (SacLink ID)
  • Student directory information
  • Employee directory information, including employee title, public email address, work location, telephone number, department, classification, gross salary, name (first, middle, last)
  • Financial budget information
  • Signature (non-electronic)
