Data Classification

Level 1 – Restricted Data

Data should be classified as Restricted when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the College or its affiliates. The highest level of security controls should be applied to Restricted data. Restricted data is any data that contains personally identifiable information (PII) concerning any individual, as well as any data that contains PII that is regulated by local, state, or Federal privacy regulations.

These regulations may include, but are not limited to:

  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standards (PCI DSS)

Listed below are examples of types of personally identifiable information protected by local, state, or Federal privacy regulations. These examples do not constitute an exhaustive list of all types of information that are protected by local, state, or Federal privacy regulations. 

Examples (note that any of the items below deemed to be Directory Information is not restricted):

  • Address
  • Telephone number
  • College e-mail address
  • Social security number
  • Credit card and debit card numbers
  • Bank account numbers and routing information
  • Driver’s license numbers and state identification card numbers
  • Student education records
  • Student account files
  • Academic advising records
  • Admission files
  • Transcripts (College, High School)
  • Financial Aid applications, student federal work study information, loan information
  • Intercollegiate Athletics reports
  • Residential Life information
  • Personal health information

Level 2 – Internal Use

This classification applies to information protected due to proprietary, ethical, or privacy considerations, even though there may not be a direct statutory, regulatory, or common-law basis for requiring this protection. Internal data is restricted to personnel designated by the College who have a legitimate business purpose for accessing such data. Examples include institutional survey data and enrollment projection data.

 Information may be classified as Internal Use if it meets at least one of the criteria below:

  1. Sensitive Nature of Data
    Information that must be protected due to proprietary, ethical, contractual or privacy considerations.
  2. Exposure Poses a Moderate Risk
    Information that may not be specifically protected by statute, regulations, or other legal obligations or mandates but for which unauthorized use, access, disclosure, acquisition, modification, loss, or deletion of could cause financial loss, damage to the college’s reputation, violate an individual’s privacy rights, or subject the institution to legal action.

Examples of Confidential information include but are not limited to:

Identity Validation Keys (name with)

  • Birth date (full: mm-dd-yy)
  • Birth date (partial: mm-dd only)

Employee Information

  • Employee net salary
  • Home address
  • Personal telephone numbers
  • Personal email address
  • Payment history
  • Employee evaluations
  • Pre-employment background investigations
  • Mother’s maiden name
  • Race and ethnicity
  • Sexual orientation
  • Parents’ and other family members’ names
  • Birthplace (City, State, Country)
  • Gender
  • Marital status
  • Physical description
  • Other

Student Information — Educational Records not defined as “directory” information as defined in FERPA and AR 5040, typically:

  • Grades
  • Courses taken
  • Schedule
  • Test Scores
  • Advising records
  • Educational services received
  • Disciplinary actions
  • Student photo

Various Identifiers — Educational Records not defined as “directory” information as defined in FERPA and AR 5040, typically:

  • Photo (taken for identification purposes)
  • Library circulation information
  • Trade secrets or intellectual property such as research activities
  • Location of critical or protected assets
  • Licensed software
  • Vulnerability/security information related to a COLLEGE/DISTRICT or system
  • District or college attorney-client communications

 Level 3 – General

Access to “Public” institutional data may be granted to any requester. Public data are not considered confidential. The integrity of public data must be protected, and the appropriate owner must authorize replication of the data. Examples include institutional statistics that appear in publications, academic course descriptions, directory information, public information request data.

State Center Community College District Logo
State Center Community College District Logo
1171 Fulton Street

Fresno CA 93721
Phone:

(559) 243-7100
Toll Free:

866-24-LEARN (53276)
Join Facebook Join X Join YouTube
District
Bids
Timely Warnings
Clery Report
Daily Crime Log
District Police
Bond Measures
Jobs
Parking
Title IX
Whistleblower Information
Campuses
Fresno City College
Reedley College
Clovis Community College
Madera Community College
Madera Community College at Oakhurst
Career & Technology Center
Progress & Performance
Accreditation
Accessibility
Associate Degree For Transfer
Student Success Metrics
Gainful Employment
Net Price Calculator