All college data are classified into levels of sensitivity to provide a basis for understanding and managing college data. Accurate classification provides the basis to apply an appropriate level of security to college data. These classifications take into account the legal protections, contractual agreements, ethical considerations, or strategic or proprietary worth. They also consider the application of “prudent stewardship,” where there is no reason to protect the data other than to reduce the possibility of harm or embarrassment to individuals or to the institution.

The classification level assigned to data will guide Data Trustees, Data Stewards, Data Administrators, and Data Users in the security protections and access authorization mechanisms appropriate for that data. Such categorization encourages the discussion and subsequent full understanding of the nature of the data being displayed or manipulated.

Restricted

College data classified as Restricted include:

1. Data protected specifically by federal or state law
2. Data protected by college policy
3. Data elements identified by the college as sensitive or confidential, even if not governed by external legal or regulatory requirements.

Examples

• Personally Identifiable Information (PII), including:
  • Social security number
  • Driver’s license number
  • Credit card numbers
  • Bank account numbers
  • User account passwords
• Date of birth
• Student education records and applications
• Salary data
• Financial aid data
• Passport and visa numbers
• Health information, including Protected Health Information 
• Health insurance policy numbers
• Donor contact information and non-public gift information

Internal

College data are classified as Internal if they are not considered to be Restricted, and:

1. The data is not generally available to the public, and
2. The data is protected due to proprietary, ethical, or privacy considerations, even though there may not be a direct regulatory or common-law basis for requiring this protection.

Examples

• Student Directory Information
• Institutional survey data
• Enrollment projection data
• Engineering, design, and operational information regarding Bates infrastructure
• Contracts
• Unpublished research data (at data owner’s discretion)
• Internal memos and email

Public

College data not otherwise identified as Internal or Restricted and:

1. The data is intended for public disclosure, or
2. The loss of data would have no adverse impact on our mission, finances, or reputation.

Examples

• Institutional statistics
• Academic course descriptions
• Information authorized to be available on Bates’ website without requiring Bates authentication (e.g., staff/faculty directory)
• Maps, newsletters, newspaper and magazines
• Common Data Set
• Bates Facts

---

Last updated: November 2024