Data classification establishes a framework to allow OSU to comply with federal and state laws, regulations, and policies associated with information security, and to protect the confidentiality, integrity, and availability of university data.  University data is classified into three categories:  Confidential Information, Sensitive Information, and Unrestricted Information. 

Confidential Information 

Confidential information is the most restrictive information classification.  This classification pertains to information that could have serious negative consequences to the university or individuals if compromised or disclosed to those lacking appropriate approvals for access. Examples of this classification of information are as follow:

  • Social Security Number
  • Driver’s License/State-issued Identification Number
  • Visa/Passport Number
  • Credit Card Number
  • Bank Account Number
  • Health Insurance Policy Number
  • Income Tax Records
  • Personally Identifiable Health Information, including Personally Identifiable Genetic Information
  • Classified Research Data
  • Personal Finance Disclosure/Information
  • Information collected for FAFSA
  • Controlled Unclassified Information (CUI)
  • Identifiable Human Subjects Research Data designated as Level 3 by the Institutional Review Board (IRB)
  • Research Data with Export Control/ITAR limitations
Sensitive Information

Sensitive Information is data that is commonly used to conduct OSU business, which by its nature or regulation, may have legal and/or generally expected obligations for non-disclosure outside of authorized individuals. Examples of sensitive information are:

  • Data defined as confidential by the Family Educational Rights and Privacy Act (FERPA)
  • Employment Applications
  • Employee Performance Evaluations
  • Confidential Donor Information
  • Identifiable Human Subjects Research Data designated as Level 2 by the IRB
  • Minutes from Confidential Meetings
  • Accusations of Misconduct and records from investigations
  • Common Identifiers: Date of Birth, Place of Birth, Mother’s Maiden Name
  • Demographic Information such as race, ethnicity, gender, sexual orientation or identity when personally identifiable
  • Admission applications
  • Privileged Attorney-Client Communications
  • ID Photos
Unrestricted Information

Unrestricted Information is data intended for appropriate general use within the university:

  • Directory Information
  • Website pages
  • Syllabi
  • Schedule of Classes