As a UMBC staff or faculty member, it is essential that you take appropriate steps to protect university information. The first step in protecting information is to understand the classification the information falls under. At UMBC, protection requirements and restrictions are applied to information based on these classification levels.
If you have any questions about how to protect or classify information, please contact the DoIT Security Department at security@umbc.edu.
It is better to ask before possibly causing an information breach.
Information Classification
University information is broadly categorized into one of four levels.
Level 0 - Public Information
Level 0 information is information that is public to the world and not subject to any laws or restrictions on who can access it. This information could be posted on a billboard anywhere in the world, and it would be no problem.
Level 1 - UMBC Proprietary Information & FERPA
Most of the information used as a part of the academic and business processes of UMBC is Level 1 data. This includes any information that is covered under FERPA and any information that is related to UMBC business or academic programs, that isn't covered by another law or contractual restriction.
Level 2 - Confidential Information
Level 2 information is any information that could be implicated in a data breach under identity theft laws. This includes information such as:
Social Security Numbers
Drivers License Numbers
Passport and VISA Numbers
Credit Card Numbers (for non-UMBC credit cards)
Financial Account Numbers (for Financial Accounts Outside of UMBC)
Level 3 - High Security Information / Legal Protections Required
Level 3 data is our highest classification of general information at UMBC. This level includes information that must be protected specifically under state, federal, or international law. The main law that falls under this category is health information that is covered by HIPAA.