The following table lists individual data elements that must be treated as Confidential or Sensitive Data due to Appalachian’s legal, contractual, and risk based objectives. If you are dealing with one of these data elements and evaluating new processes or storage and sharing options, then you need to contact the ITS Office of Information Security for review and assistance.
Resources:
| Data Element | Classification Level | Secure Storage & Exchange | Compliance Areas | Description |
|---|---|---|---|---|
| Alien or Immigration ID |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA NCID Theft NC HR Act |
Issued by the U.S. Citizenship and Immigration Services (USCIS) or the former INS, also called A-Number, green card number, or Permanent Resident Card number |
| Attorney Client Relationship |
Sensitive |
Banner Docuware uStor FileShare University Computers AppState Google Drive |
NC Public Records |
Information exchanged between a client and their lawyer or legal counsel; may also be referred to as attorney-client privilege |
| Banking Account Number |
Confidential |
Banner Docuware uStor FileShare |
GLBA HIPAA NCID Theft NC HR Act |
A group of numbers (usually 10-12 digits) that is specific to one's personal bank account |
| Banner ID |
Public |
No Security Restrictions or Guidance Needed |
Each student and employee at App State is assigned a Banner ID, which is a nine-digit number starting with 900 that is your unique student or employee identifier. |
|
| Beneficiary Information |
Confidential |
Banner Docuware uStor FileShare |
NCID Theft NC HR Act |
The person or entity entitled to receive the claim amount and other benefits upon the death of the benefactor or on the maturity of the policy. |
| Biometric Information |
Confidential |
Banner Docuware uStor FileShare |
NCID Theft |
Unique identifiers include fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures. Biometrics is a very strong authentication mechanism as it is based on something that you are, as opposed to something you know or something you have. |
| Birth Date |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA HIPAA NC HR Act FTC Red Flag |
The month, day, and year a person is born |
| Criminal Investigation Report or Police Record |
Confidential |
Banner Docuware uStor FileShare |
FERPA NC Public Records NC HR Act |
A report that involves the study of facts, used to identify, locate and prove the guilt of an accused criminal; an official file, held by the police, containing details of any criminal offenses committed by an individual |
| Dependents (relationship to individual or employee) |
Sensitive |
Banner Docuware uStor FileShare University Computers AppState Google Drive |
NC HR Act |
A person(s) who relies on another, especially a family member, for financial support. |
| Disability Information |
Confidential |
Banner Docuware uStor FileShare |
FERPA HIPAA NC HR Act |
An impairment that may be cognitive, developmental, intellectual, mental, physical, sensory, or a combination of these. |
| Driver's License Number |
Confidential |
Banner Docuware uStor FileShare |
FERPA NCID Theft FTC Red Flag |
Specific identification number assigned to a driver by the issuing government agency. This number is usually required to be displayed on the individual's driver's license issued by his or her state. |
| Employee HR File Information (e.g., performance, benefit, financial, medical) |
Confidential |
Banner Docuware uStor FileShare |
GLBA NC HR Act |
The main employee file that contains the history of the employment relationship from employment application through exit interview and employment termination documentation. |
| Fingerprints |
Confidential |
Banner Docuware uStor FileShare |
NCID Theft |
Fingerprints contain unique patterns of ridges and valleys that are present in an individual’s skin. These patterns are unique to every individual and thus help to identify individuals from an entire population. Fingerprints are inherent to individuals and can neither be lost nor stolen which makes it highly accurate and reliable. |
| Home Address |
Sensitive |
Banner Docuware uStor FileShare University Computers AppState Google Drive |
FERPA NC HR Act FTC Red Flag |
The address of the house, apartment, or dwelling that a person lives in |
| Marital Status or Effective Date |
Sensitive |
Banner Docuware uStor FileShare University Computers AppState Google Drive |
FERPA GLBA NC HR Act |
The classification of legal married status, including married, widowed, separated, divorced, or single; date on which a transaction is recorded or when an agreement takes effect. |
| Medical Records (including medical ID number - PHI) |
Confidential |
Banner Docuware uStor FileShare |
FERPA HIPAA NC HR Act |
The systematic documentation of a single patient's medical history and care across time within one particular health care provider's jurisdiction |
| Mother's Maiden Name |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA HIPAA NCID Theft |
An individual's mother's surname or birth name before she marries and takes her husband's last name |
| Passport Number |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA NCID Theft NC HR Act FTC Red Flag |
US Passports contain a variety of identification features, including passport numbers, which are between six and nine characters, including letters and numbers. |
| Payment Card Magnetic Strip Information (NOT to be stored by AppState) |
Confidential |
Banner Docuware uStor FileShare |
PCI-DSS NCID Theft |
A strip of magnetic information that is affixed to the back of a plastic credit card or debit card. Some of the information that can be collected on the magnetic strip includes the card number, expiration date, credit card limit, and card usage. |
| Payment Card Number (PAN) |
Confidential |
Banner Docuware uStor FileShare |
PCI-DSS |
Payment Card Number, Primary Account Number (PAN), or Card Number, is the card identifier found on payment cards, such as credit cards and debit cards. The card number is primarily a card identifier. |
| Payment Card PIN |
Confidential |
Banner Docuware uStor FileShare |
PCI-DSS NCID Theft |
An identifying number allocated to an individual by a bank or other organization and used for validating electronic transactions |
| Private Contributor Records |
Confidential |
Banner Docuware uStor FileShare |
AppState Selected (Other) |
A record of anything of value given, loaned, or advanced from a private contributor |
| Social Security Number |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA HIPAA NCID Theft NC Public Records NC HR Act FTC Red Flag |
A nine-digit number issued to US citizens, permanent residents, and temporary working residents that are unique for each individual, used to track Social Security benefits and for other identification purposes |
| Student Conduct Records |
Sensitive |
Banner Docuware uStor FileShare University Computers AppState Google Drive |
FERPA |
A file that is created in the name of each student alleged to have violated University policies. This file becomes part of a student's formal education record. |
| Student Loan Number |
Confidential |
Banner Docuware uStor FileShare |
FERPA GLBA NCID Theft |
A group of numbers that is specific to one's student loan account |