What Is Restricted Data?

Many of us deal with restricted data every day as part of our job. Whether you’re a system administrator that maintains the systems that house the data, someone processing the data, or the network administrator who maintains the equipment transmitting the information, we each have a responsibility to safe guard restricted data against unauthorized disclosure. The university classifies its data according to a Data Risk Classification Policy.

Restricted Data

Collection, storage and/or transmission of restricted data must be approved by UB's Information Security Office.

Restricted data includes:

  • Social security number (SSN)
  • Driver license number
  • State-issued non-driver ID number
  • Bank/financial account number
  • Credit/debit card number (CCN)
  • HIPAA-regulated PHI in any form (oral, paper, electronic)
  • Passport number
  • University IT authentication credentials
  • Documents protected by attorney-client privilege
  • Donor contact information and non-public gift information
  • Data protected by the Gramm-Leach-Bliley Act (GLBA)
  • Data protected by the Payment Card Industry Data Security Standards (PCIDSS)

Student Education Record Data

Student Education Record Data consists of any student academic information beyond normal directory information (student’s name, address, telephone number, date of birth, place of birth, honors and awards and dates of attendance). However, students can request that their directory information not be disclosed. It’s important to verify whether or not the student has opted out of disclosure before giving out any of that information!

For more information on protecting restricted and/or private  data, see the Protection of University Data Policy. For more information on protected student data, take a look at Department of Education’s FERPA overview.