Level 1 Confidential Data

Description

Level 1 Confidential Data is information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws.  Its unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could result in severe damage to the CSU, its students, employees or customers.  Financial loss, damage to the CSU’s reputation and legal action could occur if data is lost, stolen, unlawfully shared or otherwise compromised.

Level 1 data is intended solely for use within the CSU and limited to those with a “business need-to-know.”  Statutes, regulations, other legal obligations or mandates protect much of this information.  Disclosure of Level 1 data to persons outside of the University is governed by specific standards and controls designed to protect the information.

Confidential information must be interpreted in combination with all information contained on the computer or electronic storage device to determine whether a violation has occurred.

Level 1 access will be granted on a strict “need-to-know” basis only and will be restricted to authorized staff and other participants who have executed an approved Non-Disclosure Agreement (NDA).  This information includes organization contact lists, internal processing procedures, employee schedules and other information required to function within the organization but too sensitive to release to the public.

Examples

  • Passwords or credentials
  • PINs (Personal Identification Numbers)
  • Birth date combined with the last four digits of SSN and name
  • Credit card numbers with cardholder name or expiration date and/or card verification code
  • Tax ID with name
  • Driver’s license number, state identification card and other forms of national or international identification (such as passports, visas, etc.) in combination with name
  • Social Security number and name
  • Health insurance information with name
  • Medical records related to an individual
  • Psychological counseling records related to an individual
  • Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual’s financial account
  • Electronic or digitized signatures
  • Private key (digital certificate)
  • Vulnerability/security information related to a campus or system
  • Attorney/client communications
  • Legal investigations conducted by the University
  • Third-party proprietary information per contractual agreement
  • Sealed bids
  • Donor name and giving amount
  • Employee name with personally identifiable employee information
    • Biometric information
    • Electronic or digitized signatures
    • Personal characteristics