Information Classification at UMBC

As a UMBC community member, it is essential that you take appropriate steps to protect University information.  The first step in protecting information is to understand the classification under which the information falls.  At UMBC, protection requirements and restrictions are applied to information based on these classification levels. 

Information Classification

University information is broadly categorized into one of four levels.

  • Level 0 - Public Information

    • Level 0 information is information that is public to the world and not subject to any laws or restrictions on who can access it.  This information could be posted on a billboard anywhere in the world, and it would be no problem - though most likely you should not post it on said billboard.

  • Level 1 - FERPA and UMBC Proprietary Information 

    • Most of the information used as a part of the academic and business processes of UMBC is Level 1 data.  This includes any information that is covered under FERPA (Family Educational Rights and Privacy Act) and any information that is related to UMBC business or academic programs that isn't covered by another law or contractual restriction.  

  • Level 2 - Confidential Information

    • Level 2 information is any information that could be implicated in a data breach under identity theft laws.  This includes information such as:

      • Social Security Numbers (SSNs)

      • Drivers License Numbers

      • Passport and VISA Numbers

      • Credit Card Numbers (for non-UMBC credit cards)

      • Financial Account Numbers (for financial accounts outside of UMBC)

  • Level 3 - High Security Information or Other Legal Protections Required

    • Level 3 data is our highest classification of general information at UMBC.  This level includes information that must be protected specifically under state, federal, or international law.  The main law that falls under this category is health information, covered by the Health Insurance Portability and Accountability Act (HIPAA). 

If you have any questions about how to protect or classify information, please contact the DoIT Security Department at