Sensitive data is defined as information that is protected against unwarranted disclosure. Not all of the information is sensitive, but data that is sensitive is protected by Indiana or federal law and by university policy. Protection of sensitive data may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.
The following list is protected by state and federal law and university policy, but because context does play a role in data sensitivity it is not exhaustive.
Sensitive information includes all data, in its original and duplicate form, which contains:
• Personal Identifiable Information (PII), as defined by Indiana state legislation laws
• Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Student education records, as defined by the Family Educational Rights and Privacy Act (FERPA)
• Customer record information, as defined by the Gramm Leach Bliley Act (GLBA)
• Communications being made, are in transit, and when they are stored on computers, as defined by the Electronic Communications Privacy Act of 1986 (ECPA)
• Card holder data, as defined by the Payment Card Industry (PCI) Data Security Standard
• Information that is deemed to be confidential in accordance with the Indiana Access to Public Records
Sensitive data also includes any information that is protected by university policy from unauthorized access. Examples of sensitive information may include, but are not limited to, some types of research data (such as research data that is personally identifiable or proprietary), public safety information, financial donor information, information concerning select agents, system access passwords, information security records, and information file encryption