UW Privacy Office

Data Classifications

The UW Privacy Office oversees and manages the classification of data to support the UW in meeting the privacy principle of due care.  The following categories for classifying data are intended to help UW units clarify and prioritize the minimum privacy and information security protections:

We work closely with subject matter experts, compliance experts, and the UW division of the Attorney General’s Office to classify as “UW Confidential” data elements that are very sensitive in nature and typically subject to federal or state regulations. Unauthorized disclosure of this information could seriously and adversely impact the University or the interests of individuals and organizations associated with the University.

When it is determined that data elements aren’t UW confidential, we work closely with the UW data custodians to classify as “Restricted” data that is circulated on a need-to-know basis or sensitive enough to warrant careful management and protection.

When it’s determined that data elements are neither confidential or restricted, we work closely with the relevant units to classify as “Public” those data sets that will be published for public use or have been approved for general access by the appropriate University authority.

Relevant UW Policies

UW Confidential

Examples include, but are not limited to:

  • Attorney/client privileged records
  • Certain affirmative action related data
  • Computer account passwords
  • Donor information
  • Employee information
  • EU GDPR – Any identifier, such as name, ID, location data, online identifier; or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. 
  • Export Controls (e.g., EAR, ITAR)
  • FERPA – individual student records
  • Gramm-Leach-Bliley (GLB) protected information
  • HIPAA – protected data when associated with a health record
  • Information required to be protected by contract
  • Library use records
  • Restricted police records (e.g., victim information, juvenile records)
  • Trade secrets, intellectual, and/or proprietary research information
  • Vendor non-disclosure agreements

Restricted

Examples include, but are not limited to:

  • Critical infrastructure blueprints or schematics
  • Location of assets
  • Parking permits
  • Proprietary research
  • Specific physical security measures
  • Specific technical security measures
  • UW employee business-related email (including student employees, but only their work-related email)

Public

Examples include, but are not limited to:

  • Employee email addresses (with special exceptions)
  • Employee work locations (with special exceptions)
  • Employee work phone numbers (with special exceptions)
  • UW business records
  • Value and nature of fringe benefits