Confidential Information is information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws. Confidential information is information whose unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could result in severe damage to the CSU, its students, employees, or customers. Financial loss, damage to the CSU’s reputation, and legal action could occur. Level 1 information is intended solely for use within the CSU and limited to those with a “business need-to know.” Statutes, regulations, other legal obligations or mandates protect much of this information. Disclosure of Level 1 information to persons outside of the University is governed by specific standards and controls designed to protect the information.
Examples
Passwords or credentials
PINs (Personal Identification Numbers)
Birth date combined with last four digits of SSN and name
Credit card numbers with cardholder name
Tax ID with name
Driver’s license number, state identification card, and other forms of national or international identification (such as passports, visas, etc.) in combination with name
Social Security number and name
Health insurance information
Medical records related to an individual
Psychological Counseling records related to an individual
Bank account or debt card information in combination with any required security code, access code, or password that would permit access to an individual's financial account
Biometric information
Electronic or digitized signatures
Private key (digital certificate)
Vulnerability/security information related to a campus or system
Attorney/client communications
Legal investigations conducted by the University
Third party proprietary information per contractual agreement
Sealed bid
Some law enforcement records related to an individual
Internal use information is information which must be protected due to proprietary, ethical, or privacy considerations. Although not specifically protected by statute, regulations, or other legal obligations or mandates, unauthorized use, access, disclosure, acquisition, modification, loss, or deletion of information at this level could cause financial loss, damage to the CSU’s reputation, violate an individual’s privacy rights, or make legal action necessary.
Examples
Identity Validation Keys (name with)
• Birth date (full: mm-dd-yy)
• Birth date (partial: mm-dd only)
Student Information-Educational Records (Excludes directory information) including:
− Grades
− Courses taken
− Schedule
− Test Scores
− Advising records
− Educational services received
− Disciplinary actions
Important Note: Non-directory student information may not be
released except under certain prescribed conditions
Employee Information
Including:
• Employee net salary
• Employment history
• Home address
• Personal telephone numbers
• Personal email address
• Payment History
• Employee evaluations
• Background investigations
• Mother’s maiden name
• Race and ethnicity
• Parents and other family members names
• Birthplace (City, State, Country)
• Gender
• Marital Status
• Physical description
• Photograph
Other
• Library circulation information.
• Trade secrets or intellectual property such as research activities
• Location of critical or protected assets
• Licensed software
Updated by Barry Blackburn on February 7, 2009