3.1 Data Classification Categories
126.96.36.199 Restricted data is the most sensitive category of information. The consequences of the loss of confidentiality are grave.
188.8.131.52 Restricted data shall be maintained in accordance with the Liberty University Data Handling Policy (published separately) to provide sufficient protection at all times, whether in transit or at rest.
184.108.40.206 Examples include data such as Health Care Information (HCI) and credit card full stripe data. More detailed guidance shall be provided below.
3.1.2 Limited Access
220.127.116.11 Limited Access data is information intended for Liberty University employees and designated individuals only (such as contractors). The consequences of the loss of confidentiality are serious.
18.104.22.168 Limited Access data shall be maintained in accordance with the Liberty University Data Handling Policy.
22.214.171.124 Examples include FERPA‐protected data, Social Security Numbers (SSNs), proprietary information, and intellectual property. Additional guidance shall be provided below.
3.1.3 Internal Use
126.96.36.199 Internal Use data is information intended for internal use for Liberty Students, Faculty and Staff, but that may be subject to open records disclosure. The consequences of loss of confidentiality are minimal.
188.8.131.52 Internal Use data shall be maintained in accordance with the Liberty University Data Handling Policy.
184.108.40.206 Examples include general correspondence and e-mails, budget plans, FERPA directory information, internal Liberty event information, and so forth. Additional guidance shall be provided below.
220.127.116.11 Public data is not sensitive and is generally available to anyone. The consequences of the loss of confidentiality are non‐existent.
18.104.22.168 Public data still requires controls for integrity and availability that shall be maintained in accordance with the Liberty University Data Handling Policy.
22.214.171.124 Examples include general university announcements, public policies, and University points of contact information. Additional guidance shall be provided below.
3.2.1 Data Ownership and Classification
126.96.36.199 The Data Owner is the person or department responsible for classifying the data as Public, Internal Use, Limited Access, or Restricted.
188.8.131.52 The Data Owner is usually the person or department that creates the data. For example:
184.108.40.206.1 The Human Resources Department would classify data generated by that department or data generated through Human Resources processes (e.g. job applications).
220.127.116.11.2 The Center for Curriculum Development would typically determine the classification for the course information and data developed for the University.
18.104.22.168.3 The CIO is accountable for designating personnel to classify data generated by Information Technology (IT).
22.214.171.124 Some data is classified regardless of data owner in compliance with federal or state laws or private organizations that protection of their data in use by Liberty University. For example:
126.96.36.199.1 Payment Card Industry (PCI) Data Security Standard (DSS) defines credit card information that must be protected, such as the Primary Account Number (PAN), full magnetic stripe data or equivalent
on a chip, the security code (CAV2, CVC2, CVV2, CID), and the owner’s PINs or PIN blocks. The PAN and sensitive PCI data is classified as Restricted.
188.8.131.52.2 Family Education Rights and Privacy Act (FERPA) defines Personally Identifiable Information (PII), which is classified as Limited Access; and directory information, which is classified as Public. Note that a student may opt out of publishing his or her information as directory information, in which case their data would remain Limited Access.
184.108.40.206.3 Massachusetts Social Security Number Privacy Act 454 of 2004 requirements necessitates classifying Social Security Numbers (SSNs) as Limited Access information.
3.2.1 Mandatory Data Classifications
220.127.116.11 Passwords to access Liberty University network accounts and associated resources are classified as Restricted.
18.104.22.168 Secure configuration files and data sets for Information Technology (IT) servers, routers, and other networking equipment are Limited Access.
22.214.171.124 Security Audit Logs for IT servers, routers, and other networking equipment are Limited Access.
126.96.36.199 Third‐party proprietary data shall be classified as Limited Access.
188.8.131.52 Health Insurance Portability & Accountability Act (HIPAA) defined data is classified as Restricted.
184.108.40.206 Payment Card Industry Data Security Standard (PCI DSS) Primary Account Number (PAN) and sensitive data is classified as Restricted.
220.127.116.11 The following student information is governed as Student Record Data and is classified as Limited Access in accordance with FERPA guidelines:
18.104.22.168.1 Liberty University ID#
22.214.171.124.2 Social Security Number
126.96.36.199.4 Nationality / Ethnicity
188.8.131.52.5 Parent/Guardian Address/Phone
184.108.40.206.6 Emergency Contact Information
220.127.116.11.7 Individual Class Schedule and Locations
18.104.22.168.8 Financial Aid Information
22.214.171.124.9 Grades/Exam Scores
126.96.36.199.10 Grade Point Average
188.8.131.52.12 Library Transactions
184.108.40.206 The following student information is declared as Directory Information in accordance with http://www.liberty.edu/academics/registrar/index.cfm?PID=14819. Directory Information is classified as Internal Use. Directory information may be classified as Limited Access in cases where a student has requested non‐disclosure.
220.127.116.11.1 Full Name
18.104.22.168.2 Address – including e‐mail address
22.214.171.124.3 Telephone Numbers
126.96.36.199.4 Date and Place of Birth
188.8.131.52.5 Program of Study/Campus
184.108.40.206.6 Dates of Attendance
220.127.116.11.8 Height and Weight of Student Athletes
18.104.22.168.9 Participation in Officially Recognized Activities and Sports
22.214.171.124.10 Degrees and Awards Received
126.96.36.199.11 Most Recent Previous Education Institution or Agency Attended
188.8.131.52.12 Current Enrollment Status
184.108.40.206 Human Resources (HR) protected employee information is classified as follows:
220.127.116.11.1 Full Name: Public
18.104.22.168.2 Liberty ID#: Limited Access
22.214.171.124.3 Social Security Number/Taxpayer ID: Limited Access
126.96.36.199.4 Date of Birth: Limited Access
188.8.131.52.5 Home Address: Limited Access
184.108.40.206.6 Home Phone Number: Limited Access
220.127.116.11.7 Health Information: Restricted
18.104.22.168.8 Work Phone Number / FAX Number: Public
22.214.171.124.9 Liberty Email‐Address: Internal Use
126.96.36.199.10 Performance Reviews & Evaluations: Limited Access
188.8.131.52.11 Gender: Public
184.108.40.206.12 Race / Ethnicity: Internal Use
There are no penalties for non‐compliance to document classification, though there are consequences for willful improper handling of Restricted, Limited Access, and Internal Use information, as specified in the Acceptable Use Policy (IS020121).