Skip to main content

SAMPLE LIST OF LEVEL ONE DATA

Updated January 2016


This document intent is to provide an expanded list of representative examples of data classified as Category One (Level 1) data. This list is provided to help Custodians, Users, Managers, and Information Service Providers, (as defined in Boise State Policy 8060 “Information Privacy and Data Security) with a method for evaluating the level of protection required for their systems and should not be considered as an all-inclusive list.

NOTE: Social Security Numbers may only be stored on only authorized systems, such as the payroll system. They are released only as required by law; for example, to the IRS for tax purposes.
This list is not all-inclusive, and it does not cover the release of information.

Patient Medical/Health Information (HIPAA)

The following information is considered confidential:

  • Social security number
  • Patient names, street address, city, county, zip code, telephone / fax numbers
  • Dates (except year) related to an individual, account / medical record numbers, health plan beneficiary numbers
  • Personal vehicle information
  • Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers and full face images
  • Any other unique identifying number, characteristic, or code
  • Payment Guarantor’s information
  • Health status and provision of health care

Student Records (FERPA) – Contact the Registrar’s Office for more detail

The following information is considered confidential. This applies to both enrolled and prospective student data.

  • Social security number
  • Student number
  • Grades (including test scores, assignments, class grades and GPA)
  • Location of courses
  • Parent’s name and address
  • Gender
  • Credit hours earned
  • Probation/Dismissal status
  • Previous institutions attended
  • Student financials, credit cards, bank accounts, wire transfers, payment history, financial aid/grants, student bills, holds(service indicators)
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers

Note that for enrolled students, the following data may be revealed by the university without student consent unless the student designates otherwise:

  • Mailing address and phone number
  • Electronic mail address
  • Date of birth
  • Full-time/Part-time status
  • Class standing
  • Major and minor plans
  • Degree(s) earned and date(s) degree was earned

Donor/Alumni Information

The following information is considered confidential:

  • Social security number
  • Name
  • Personal financial information
  • Family information
  • Medical information
  • Credit card numbers, bank account numbers, amount / what donated
  • Telephone / fax numbers, e-mail, URLs

Research Information (Granting Agency Agreements, Other . . .)

The following information is considered confidential:

  • Human subject information
  • Sensitive research data

Employee Information

The following employee information is considered confidential:

  • Social security number
  • Personal financial information, including income levels and sources
  • Insurance benefit information
  • Access device numbers (ISO number, building access code, etc.)
  • Biometric identifiers
  • Family information, home address, and home phone number may be revealed unless restricted by the employee.

Please note: Information considered public, such as employee names, birth dates, salary, and performance review information, would be released only under an open records request.

Business/Vendor Data (Gramm-Leach-Bliley Act, Non-Disclosure agreement)

The following information is considered confidential:

    • Vendor social security number
    • Credit card information
    • Contract information (between Boise State and a third party)
    • Access device numbers (ISO number, building access code, etc.)
    • Biometric identifiers
    • Certificate / license numbers, device IDs and serial numbers, e-mail, URLs, IP addresses

Other Institutional Data (Gramm-Leach-Bliley Act, Other Considerations)

The following information is considered confidential:

      • Information pertaining to the University Advancement Office
      • Financial records
      • Contracts
      • Physical plant detail
      • Credit card numbers
      • Certain management information
      • Critical infrastructure detail
      • User account passwords

Payment Card Industry Data Security Standard

      • Social security number
      • Name
      • Address
      • Credit card numbers, bank account numbers
      • Telephone / fax numbers, e-mail

Some content adapted with permission from Stanford University