This article provides guidelines on sensitive information for TDX users.
Information
“Sensitive Information” is a label covering many types of data. The Information Classification Standard describes four “tiers” of information. Tier 2 and 3 are “sensitive” information.
Some Tier 2 and 3 information is in defined categories because it is covered by a specific law, regulation, or industry standard. These include:
- Personally Identifying Information, as defined by the North Carolina Identity Theft Protection Act of 2005
- Protected Health Information, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Student education records, as defined by the Family Educational Rights and Privacy Act (FERPA)
- Customer record information, as defined by the Gramm Leach Bliley Act (GLBA)
- Confidential personnel information, as defined by the State Personnel Act
- Information that is deemed to be confidential in accordance with the North Carolina Public Records Act
If you have access to sensitive information because of your role with the University, you share a responsibility to protect that information. If you are unsure whether information you have is “sensitive” there are people responsible for Data Governance who can help. The Data Governance Oversight Group can provide guidance. Information on University Data Governance is available at Data Governance at UNC.
If you believe that University sensitive information may be compromised, call 919-962-HELP and request a critical ticket for an Information Security Analyst.
If you have questions about how to appropriately secure information, you can consult your Information Security Liaison. Information is available on the University SafeComputing web site to help with specific topics. The University’s Privacy Office is a good resource for information on many types of sensitive information.