Skip to content

The University’s data classification standard helps each of us have better awareness and understanding of types of data, potential risks, legal requirements, and best practices. 

Understanding Data and Data Classification

Data is classified into four categories. The definitions are listed below with links to relevant policies and source documentation. More information about these definitions can be found in the DAT01 and in this knowledge base article  

Data Categories

High Risk Data

Inappropriate handling of this data could result in criminal or civil penalties, loss of federal funding, reputational damage, identity theft,  financial loss, invasion of privacy, and/or unauthorized access to this type of information by an individual or many individuals. High Risk data must only be accessed by those specifically authorized. Fines and costs to the university for a data breach can be in the millions of dollars. Examples of High Risk data include:

Sensitive Data

Because of legal, ethical, or other constraints, this data may not be accessed without specific authorization. Only selective access may be granted. The fines and costs to the university for a data breach of this type can be up to a million dollars. Examples of this type of data include:

  • Student Records (FERPA)
  • Employee personal information such as home address, email address, telephone
  • Information covered by a Non-Disclosure Agreement (NDA)
  • Network and System Diagrams and Configuration Documents

Internal Data

Inappropriate handling of Internal data could result in reputational damage for the university, as well as loss of competitive advantage and higher costs for university business processes. Even some data that eventually becomes part of the public record is legally Internal, such as while certain negotiations are ongoing. Access restrictions should be applied accordingly. Examples of Internal data include:

  • Unpublished Research Data
  • Intellectual Property
  • Preliminary drafts, notes, recommendations, memorandum and other records in which opinions are expressed, or policies or actions are formulated
  • Other data not listed by any other restricted classification that is exempted from disclosure under the Illinois Freedom of Information Act (FOIA) - (5 ILCS 140/7)

Public Data

Information that is classified as public information can be freely shared with the public and posted on publicly viewable web pages. All FOIA requests must be submitted via information found here: