Sensitive Data includes, but is not limited to:
Personal Information as defined by UCLA
an individual's first name or first initial, and last name, in combination
with any one or more of the following: (1) social security number, (2)
driver's license number or California identification card number, or (3)
account number, credit or debit card number, in combination with any required
security code, access code, or password that would permit access to an
individual's financial account.
Restricted Data as defined by UC BFB IS-3:
Electronic Information Security:
data that is considered sensitive to some degree. It is divided into two
subcategories: Personal and Limited.
- Personal data refers to the combination of any information that
identifies and describes an individual, including but not limited to, his
or her name, social security number, protected health information (PHI),
and financial account information. Access to such data is governed by
state and federal laws, both in terms of protection of the data, and
requirements for disclosing the data to the individual to whom it
pertains. Protection for such data may also be subject to additional
operating regulations in accordance with vendor or partner agreements,
such as the Payment Card Industry Data Security Standards. For further
discussion of what constitutes personal data see BFB RMP-8, and in the
case of student records, see the UC Policies Applying to Campus
Activities, Organizations and Students Sec. 130.240, "Personally
Identifiable Information." For PHI, see HIPAA compliance at the
University of California
- Limited refers to
- Electronic information whose unauthorized access, modification or
loss could seriously or adversely affect the University (e.g., cause
financial loss or loss of confidence or public standing in the
community), adversely affect a partner (e.g., a business or agency
working with the University), or adversely affect the public.
Examples of such data may include selected research data where the
corresponding research is incomplete, or responses to a Request for
Proposal before a decision has been reached.
- Electronic information that the Electronic Information Resource
Proprietor chooses to protect from general access or modification,
although such access is not prohibited by law or University policy.
An example might include data containing budget projections for a
More information regarding protection of personal information can be found