Data at App State

Confidential

  1. Home
  2. Classification
  3. Confidential

What is Confidential Data?

Some information is especially sensitive and is classified as confidential, requiring the highest level of protection. This information requires special care and handling, especially when inappropriate handling of this data could result in

  • criminal or civil penalties, 
  • identity theft, 
  • personal financial loss, 
  • invasion of privacy and/or 
  • unauthorized access to this type of information by an individual or many individuals. 

For example, all personally identifiable student education records, including grades, are sensitive and require reasonable levels of protection.

Note: Usually, a critical information element needs to be accompanied by an individual’s name in order to result in harm due to inappropriate handling, but not always.

Confidential Data Elements

Data classifies as Confidential if containing any of the following elements:

  • Alien or immigration ID# 
  • Bank account # or password 
  • Beneficiary information 
  • Biometric information 
  • Birthdates 
  • Criminal investigation or police record 
  • Disability information 
  • Drivers license 
  • Employee HR file information 
  • Fingerprints 
  • Medical records 
  • Mother's maiden name 
  • Passport number 
  • Payment card number 
  • Payment card magnetic strip information 
  • Payment card PIN 
  • Private contributor records 
  • Social security number 
  • Student loan number
Data Element Storage & Sharing

Guidance for individual data elements that must be treated as Confidential or Sensitive.

Learn more

Storage & File Exchange

Secure

Approved Storage

App State confidential data should only be stored on authoritative data sources or approved storage solutions. At a shared services level, this includes:

Secure Exchange

App State confidential data should only use approved file-sharing solutions:

Unsecure Methods

Confidential data should NEVER be stored or shared via:

  • Email, instant messaging, social networks, P2P solutions
  • App State-owned PCs or Laptops 
    • Can be used to upload or access data but not long terms storage or direct file-sharing
  • Removable media (thumb drives, external hard drives)
  • Any cloud storage solutions (Google Drive, SkyDrive, Amazon Drive, Dropbox, etc)
  • Any personal computer devices (including smartphones)

Confidential Classification

Confidential data often have these attributes:

  • Protection of this data is prescribed within legal and/or contractual requirements.
  • Not considered a public record subject to disclosure (G.S. 132).
  • Handling of this data is addressed by detailed data security requirements.

Compliance Areas

Questions

If you are unsure whether you need to apply special care and handling to the information elements and assets you use, contact security@appstate.edu