3.1 Data Classification Categories
188.8.131.52 Restricted data is the most sensitive category of information. The consequences of the loss of confidentiality are grave.
184.108.40.206 Restricted data shall be maintained in accordance with the Liberty University Data Handling Policy (published separately) to provide sufficient protection at all times, whether in transit or at rest.
220.127.116.11 Examples include data such as Health Care Information (HCI) and credit card full stripe data. More detailed guidance shall be provided below.
3.1.2 Limited Access
18.104.22.168 Limited Access data is information intended for Liberty University employees and designated individuals only (such as contractors). The consequences of the loss of confidentiality are serious.
22.214.171.124 Limited Access data shall be maintained in accordance with the Liberty University Data Handling Policy.
126.96.36.199 Examples include FERPA‐protected data, Social Security Numbers (SSNs), proprietary information, and intellectual property. Additional guidance shall be provided below.
3.1.3 Internal Use
188.8.131.52 Internal Use data is information intended for internal use for Liberty Students, Faculty and Staff, but that may be subject to open records disclosure. The consequences of loss of confidentiality are minimal.
184.108.40.206 Internal Use data shall be maintained in accordance with the Liberty University Data Handling Policy.
220.127.116.11 Examples include general correspondence and e-mails, budget plans, FERPA directory information, internal Liberty event information, and so forth. Additional guidance shall be provided below.
18.104.22.168 Public data is not sensitive and is generally available to anyone. The consequences of the loss of confidentiality are non‐existent.
22.214.171.124 Public data still requires controls for integrity and availability that shall be maintained in accordance with the Liberty University Data Handling Policy.
126.96.36.199 Examples include general university announcements, public policies, and University points of contact information. Additional guidance shall be provided below.
3.2.1 Data Ownership and Classification
188.8.131.52 The Data Owner is the person or department responsible for classifying the data as Public, Internal Use, Limited Access, or Restricted.
184.108.40.206 The Data Owner is usually the person or department that creates the data. For example:
220.127.116.11.1 The Human Resources Department would classify data generated by that department or data generated through Human Resources processes (e.g. job applications).
18.104.22.168.2 The Center for Curriculum Development would typically determine the classification for the course information and data developed for the University.
22.214.171.124.3 The CIO is accountable for designating personnel to classify data generated by Information Technology (IT).
126.96.36.199 Some data is classified regardless of data owner in compliance with federal or state laws or private organizations that protection of their data in use by Liberty University. For example:
188.8.131.52.1 Payment Card Industry (PCI) Data Security Standard (DSS) defines credit card information that must be protected, such as the Primary Account Number (PAN), full magnetic stripe data or equivalent
on a chip, the security code (CAV2, CVC2, CVV2, CID), and the owner’s PINs or PIN blocks. The PAN and sensitive PCI data is classified as Restricted.
184.108.40.206.2 Family Education Rights and Privacy Act (FERPA) defines Personally Identifiable Information (PII), which is classified as Limited Access; and directory information, which is classified as Public. Note that a student may opt out of publishing his or her information as directory information, in which case their data would remain Limited Access.
220.127.116.11.3 Massachusetts Social Security Number Privacy Act 454 of 2004 requirements necessitates classifying Social Security Numbers (SSNs) as Limited Access information.
3.2.1 Mandatory Data Classifications
18.104.22.168 Passwords to access Liberty University network accounts and associated resources are classified as Restricted.
22.214.171.124 Secure configuration files and data sets for Information Technology (IT) servers, routers, and other networking equipment are Limited Access.
126.96.36.199 Security Audit Logs for IT servers, routers, and other networking equipment are Limited Access.
188.8.131.52 Third‐party proprietary data shall be classified as Limited Access.
184.108.40.206 Health Insurance Portability & Accountability Act (HIPAA) defined data is classified as Restricted.
220.127.116.11 Payment Card Industry Data Security Standard (PCI DSS) Primary Account Number (PAN) and sensitive data is classified as Restricted.
18.104.22.168 The following student information is governed as Student Record Data and is classified as Limited Access in accordance with FERPA guidelines:
22.214.171.124.1 Liberty University ID#
126.96.36.199.2 Social Security Number
188.8.131.52.4 Nationality / Ethnicity
184.108.40.206.5 Parent/Guardian Address/Phone
220.127.116.11.6 Emergency Contact Information
18.104.22.168.7 Individual Class Schedule and Locations
22.214.171.124.8 Financial Aid Information
126.96.36.199.9 Grades/Exam Scores
188.8.131.52.10 Grade Point Average
184.108.40.206.12 Library Transactions
220.127.116.11 The following student information is declared as Directory Information in accordance with http://www.liberty.edu/academics/registrar/index.cfm?PID=14819. Directory Information is classified as Internal Use. Directory information may be classified as Limited Access in cases where a student has requested non‐disclosure.
18.104.22.168.1 Full Name
22.214.171.124.2 Address – including e‐mail address
126.96.36.199.3 Telephone Numbers
188.8.131.52.4 Date and Place of Birth
184.108.40.206.5 Program of Study/Campus
220.127.116.11.6 Dates of Attendance
18.104.22.168.8 Height and Weight of Student Athletes
22.214.171.124.9 Participation in Officially Recognized Activities and Sports
126.96.36.199.10 Degrees and Awards Received
188.8.131.52.11 Most Recent Previous Education Institution or Agency Attended
184.108.40.206.12 Current Enrollment Status
220.127.116.11 Human Resources (HR) protected employee information is classified as follows:
18.104.22.168.1 Full Name: Public
22.214.171.124.2 Liberty ID#: Limited Access
126.96.36.199.3 Social Security Number/Taxpayer ID: Limited Access
188.8.131.52.4 Date of Birth: Limited Access
184.108.40.206.5 Home Address: Limited Access
220.127.116.11.6 Home Phone Number: Limited Access
18.104.22.168.7 Health Information: Restricted
22.214.171.124.8 Work Phone Number / FAX Number: Public
126.96.36.199.9 Liberty Email‐Address: Internal Use
188.8.131.52.10 Performance Reviews & Evaluations: Limited Access
184.108.40.206.11 Gender: Public
220.127.116.11.12 Race / Ethnicity: Internal Use
There are no penalties for non‐compliance to document classification, though there are consequences for willful improper handling of Restricted, Limited Access, and Internal Use information, as specified in the Acceptable Use Policy (IS020121).