Data Classification Levels

Summary

The ITS Research Support team has created five levels of classification for data at 绿帽社. Description and examples for all five data levels can be seen below

Related Information:

Data Levels

Level 1: Public Data (Generally Low to Moderate Risk)

Information that is explicitly approved for public release. The unauthorized disclosure, alteration, or destruction of this data would result in little to no risk. This information can be freely shared, used, and redistributed without repercussions.

Examples:

  • Public website content
  •  Public Directory Information
  • Marketing materials
  • Press releases
  • Course Catalogs
  • Job Postings

Level 2: Internal Data (Generally Low to Moderate Risk)

Information intended for internal use only. While it is not intended for public distribution, its unauthorized disclosure would cause minor inconvenience or minimal damage, but not catastrophic harm. By default, any institutional data not classified as Restricted or Public is often considered Internal.

Examples

  •  Maps and Building Layouts
  •  绿帽社 ID (BNumber)
  • Non-Public Meeting Notes
  • Internal Project Reports
  • Departmental organizational charts
  • Internal training materials (general, non-proprietary)
  • Non-sensitive procurement records (e.g., office supply orders)
  • Facility maintenance schedules
  • Internal newsletters or announcements

Level 3: Confidential Data (Generally Moderate Risk)

Sensitive information that would cause moderate damage to the organization if disclosed without authorization. Access is typically limited to a specific group or department on a need-to-know basis. This category includes information that could cause reputational or financial harm if compromised.

Examples:

  • Unpublished research data
  • Non-public contracts
  • Strategic business plans
  • Internal intellectual property (not constituting a trade secret)
  • Internal financial projections or budgets (non-detailed)
  • Vendor negotiation details
  • Draft policy documents
  • Internal survey results (e.g., employee satisfaction data without identifiers)

Level 4: Restricted Data (Generally Moderate to High Risk)

Highly sensitive information that is often subject to specific legal, regulatory, or contractual requirements. Unauthorized disclosure could result in severe damage, including significant financial loss, legal penalties, or severe reputational harm. This category is a crucial distinction for data that requires stringent controls due to its nature and the potential for misuse.

Examples:

  • Student Financial Information
  • Student Information
  • Student Final Grades
  • Credit Card Numbers
  • Social Security Numbers
  • Personally Identifiable Genetic Information
  • Non-HIPAA Protected Personally Identifiable Healthcare Information
  • Human Subjects Data
  • University Financial Information
  • GPS Location Data

Level 5: Highly Restricted/Secret (Generally Very High Risk)

The most sensitive data class, where unauthorized disclosure or compromise could result in grave or catastrophic harm to the organization or individuals. It is typically reserved for data that is protected by law or regulation and, if compromised, could lead to identity theft, severe legal consequences, or financial ruin.

Examples:

  • Highly Secure "Non-Networked" Data
  • Medicare (CMS) Data
  • NIST 800-171 Controlled Data
  • NIST 800-53 Controlled Data
  • CUI Data
  • CMMC Certified
  • HIPAA Proteceted Personally Identifiable Healthcare Information

Related Information:

Feedback

Encountered any website issues or have comments/questions? Please provide feedback at itsresearchsupport@binghamton.edu