The Data Classification Policy applies to anyone handling UW-Madison data.
In addition to the information identified below, there are times when a data field is not considered sensitive when used alone but may be so when paired with other data. An example is date of birth. Date of birth is not considered sensitive when it stands alone but if it is available along with social security number and name it is considered sensitive.
Sensitive information may be subject to disclosure under certain circumstances. The University appropriately seeks to maintain systems that protect sensitive information in order to meet a variety of goals.
The data types listed below are those identified as of 6/22/2010.1
Sensitive Information means:
Institutional Data that could, by itself or in combination with other such Data, be used for identity theft, fraud, or other crimes, including but not limited to,
Protected health information (any information about the health status, provision of health care, or payment for health care) (except workmans comp)
Other Data Types:
Institutional Data whose public disclosure is restricted by law, contract, University policy, professional code, or practice within the applicable unit, discipline, or profession, including but not limited to:
University and personal security measures, including but not limited to,
Institutional Data whose value would be lost or reduced by disclosure in advance of the time prescribed for its authorized public release, or whose disclosure would otherwise adversely affect the University financially, including but not limited to,
Please address questions or comments to email@example.com.
1 The definitions in this document are directly derived from work done at the Michigan State University. Our thanks to them for allowing us to use their work.
2 Restricted Data includes Personal Identifying Information (PII) as specified in Wisconsin’s data Breach Notification Law (statute Section 134.98), plus Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). Sensitive Information includes Restricted Data, but Restricted Data receives additional protection.