Data Classification

What is Personally Identifiable Information?

Personally Identifiable Information is any personal information that is linked or linkable to a student, Faculty/Staff member's identity, so that the cumulative effect of multiple disclosures of data allows for the compromise of that user's identity.  

How can Personally Identifiable Information be defined? 

According to KCTCS policy 4.2.5, section, sensitive data (PII) can be classified into three subtypes:

  • Confidential
  • Restricted
  • Public

Section of the KCTCS policy outlines examples of non-compliance regarding the responsible use of confidential and restricted information data elements, namely:

  • Viewing or distributing confidential or restricted information without authorization

Classification Types and Data Elements

Confidential information, the highest level of sensitivity, is defined as information that could cause substantial damage to or liability by KCTCS if treated irresponsibly.

Confidential Information

Confidential Information is defined by substantial damage to or liability by KCTCS if treated irresponsibly. The lack of safeguards applied around this data type can effectively lead to a data breach if data were to be disclosed.  This information is subject to disclosure upon appropriate legal and administrative review.

Restricted Information (Relates to FERPA data elements)

Restricted information is information that, if compromised, could constitute a potential FERPA violation if enough coupled data were to be compromised.   

There are cases where Restricted information or Restricted information coupled with other identities, restricted or otherwise, is required to be sent via email.  If you are limited to work only within the body of an email and cannot use OneDrive to store this information for referencing, then please refer to the information handling section of the data classification policy:

Public/Directory Information

Public/Directory information, the lowest level of sensitivity, is not considered at-risk information if the information were to be sent or viewed by the unintended recipient.

Data Classifications

The goal of information security, as stated in the KCTCS Information Security Policy, is to protect the confidentiality, integrity and availability of Institutional Data. Data classification reflects the level of impact to the KCTCS if confidentiality, integrity or availability is compromised.

Data Element Classification
Foundation Donor Information - all data in Donor Database Confidential
Health Information (Email, Medical Records, Patient Information, Dates, Certain Business Numbers, etc…) Confidential
Social Security number Confidential
Driver's License number Confidential
Passport number Confidential
Visa number Confidential
Certificate/License number Confidential
All payment card data (including all credit/debit cards and cardholder information) Confidential
Bank Account Number or other financial account numbers Confidential
Student Loan Information (Account Numbers, Credit Information, etc.) Confidential
Passwords, passphrases, PIN numbers, security codes, access codes Confidential
Student Academic Transcript Confidential
Student Ethnicity Confidential
Student Country of Birth or Citizenship Confidential
Student/EmployeeID (KCTCS 9 digit ID) Restricted
Emergency contact Restricted
Ethnicity Restricted
Military Status Restricted
Veteran Status Restricted
Citizenship Restricted
Visa status Restricted
Country of birth or citizenship Restricted
Job action reason (e.g. terminations or leave) Restricted
Grades Restricted
GPA Restricted
Benefits enrollment info Restricted
Payroll information (e.g. taxes, deductions, etc.) Restricted
Marital Status Restricted
Date of Birth/Age, place of birth Public
Name – Employee/Student Public
Local and/or permanent address Public
email address Public
Telephone Number(s) Public
Dates of first and last employment Public
Compensation Public
Job Title Public
Job Description Public
Business Address Public
College Public
Department Public
Business Telephone Number Public
Previous work experience Public
Education & Training Background Public
Home Mailing Address Public
Class Public

Major field of study

  • Dates of attendance
  • Degrees and awards received
  • The most recent previous educational agency or institution attended by the student