Data Classifications: Highly Restricted, Restricted and Low

Summary

What Minnstate considers Confidential, Protected Private or Public data

Body

What Types of Data Does Minnesota State (MnSCU) Consider Confidential, Protected, or Public?

Overview

St. Cloud State University, as part of Minnesota State, follows a data classification framework to ensure appropriate handling of institutional data. This framework helps determine how data should be stored, accessed, and shared based on its sensitivity.

Why Data Classification Matters

Classifying data ensures:

  • Proper security controls are applied
  • Legal and contractual obligations are met
  • Risks of data breaches are minimized

Refer to the End User Data Storage and Sharing Recommendations for guidance on handling each data type.


Data Classification Levels

🔒 Highly Restricted Data

Definition: Data that must be tightly controlled due to legal, contractual, or security reasons. Unauthorized access could lead to identity theft or significant harm.

Examples:

  • Social Security numbers
  • Credit/debit card and bank account numbers
  • Medical and health insurance information (HIPAA-covered)
  • Biometric data
  • IT system credentials
  • Trade secrets under NDA
  • Non-public investigation data
  • Security/access codes or passwords

🔐 Restricted Data

Definition: Sensitive data that isn’t classified as highly restricted but still requires limited access. Disclosure may require breach notification or violate privacy laws.

Examples:

  • Student records (grades, transcripts, financial aid, etc.)
  • Suppressed student directory information
  • Faculty/staff personnel files and applications
  • Donor contact and gift information
  • Attorney-client privileged communications
  • Internal memos, non-public reports, and financial data
  • Driver’s license numbers
  • Student and employee ID numbers (non-directory)
  • Business continuity and disaster recovery plans
  • Security information (Minn. Stat. § 13.37)

🔓 Low (Public) Data

Definition: Data that is legally public and can be shared openly.

Examples:

  • Employee name, title, salary, and work contact info
  • Public student directory information (unless suppressed)
  • Course catalogs and schedules
  • Budgets, invoices, and purchase orders
  • Published research and statistical summaries
  • Campus maps and job postings
  • Public website content (not requiring login)

Need Help?

If you're unsure how to classify or handle specific data, contact your department’s data steward or IT security team.


 

 

Details

Article ID: 119563
Created: Mon 11/2/20 2:53 PM
Modified: Wed 5/21/25 3:56 PM
