Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

As a UMBC staff or faculty member, it is essential that you take appropriate steps to protect university information.  The first step in protecting information is to understand the classification the information falls under.  At UMBC, protection requirements and restrictions are applied to information based on these classification levels. 

If you have any questions about how to protect or classify information, please contact the DoIT Security Department at security@umbc.edu. 

It is better to ask before possibly causing an information breach.


Information Classification

University information is broadly categorized into one of four levels.

  • Level 0 - Public Information
    • Level 0 information is information that is public to the world and not subject to any laws or restrictions on who can access it.  This information could be posted on a billboard anywhere in the world, and it would be no problem.
  • Level 1 - UMBC Proprietary Information & FERPA
    • Most of the information used as a part of the academic and business processes of UMBC is Level 1 data.  This includes any information that is covered under FERPA and any information that is related to UMBC business or academic programs, that isn't covered by another law or contractual restriction.  
  • Level 2 - Confidential Information
    • Level 2 information is any information that could be implicated in a data breach under identity theft laws.  This includes information such as:
      • Social Security Numbers
      • Drivers License Numbers
      • Passport and VISA Numbers
      • Credit Card Numbers (for non-UMBC credit cards)
      • Financial Account Numbers (for Financial Accounts Outside of UMBC)
  • Level 3 - High Security Information / Legal Protections Required
    • Level 3 data is our highest classification of general information at UMBC.  This level includes information that must be protected specifically under state, federal, or international law.  The main law that falls under this category is health information that is covered by HIPAA. 



  • No labels