Reaching Others University at Buffalo - The State University of New York
Skip to Content
UBIT SECURITY ALERT, 7/18/14:
Phishing attempt targets UB accounts

What is Sensitive Data?

Many of us deal with sensitive data every day as part of our job. Whether you’re a system administrator that maintains the systems that house the data, someone processing the data, or the network administrator who maintains the equipment transmitting the information, we each have a responsibility to safe guard sensitive data against unauthorized disclosure.

Regulated Private Data

Collection, storage and/or transmission of regulated private data must be approved by UB's Information Security Office.

Regulated private data includes:

  • Social Security Number
  • State-issued driver’s license number or non-driver ID number
  • Credit or debit card number, or any other financial account number
  • Computer access protection data such as username/password combinations
  • Medical and health related data

Personally Identifable Information (PII)

Personally Identifiable Information (PII) is data that can be used to identify a person and either locate and contact them, or steal their identity.

Personally Identifiable Information (PII) includes:

  • Mother's maiden name
  • Date of birth
  • Place of birth
  • Social Security Number

Student Education Record Data

Student Education Record Data consists of any student academic information beyond normal directory information (student’s name, address, telephone number, data and place of birth, honors and awards and dates of attendance). However, students can request that their directory information not be disclosed. It’s important to verify whether or not the student has opted out of disclosure before giving out any of that information!

UB's data is also governed by more specialized regulations, such as HIPAA (Health Insurance Portability and Accountability Act), PCIDSS (Payment Card Industry Data Security Standard) and GLBA (Gramm–Leach–Bliley Act). However, these are isolated to specific business units or decanal areas and don’t apply to the general University population.

For more information on protecting regulated private data, see the UB Standards for Securing Regulated Private Data. For more information on protected student data, take a look at Department of Education’s FERPA overview.

Did This Page Answer Your Question?

(Required)
 
Email, UBITName or phone number
(Required)
Enter the letters or numbers you see below in the space provided. Click "Get a new challenge" if they are not readable.