Restricted Data Elements
Overview
Restricted Data is data protected or regulated by law or critical to university operations. The following data elements have been identified as Restricted Data in advance of the formal data classification process due to the risk associated with unauthorized disclosure of these elements:
- SSN and Other Personally Identifiable Information
- Credit Card Information
- Bank Account Information
- Student Educational Records
- Patient Health Information
Restricted Data Classification Matrix
Additional restricted data elements will be added to the restricted data classification matrix presented below as the data elements are identified by the Data Stewards.
Restricted Data: SSN and Other Personally Identifiable Information
Specific Data Elements:
- Name (First name or initial and Last name)*
- Social Security Number
- Driver’s license number
- State identification card number
- Financial account numbers such as credit, debit, or bank account information (see below for more information)
Justification for Restricted Data Designation:
Personally identifiable information is protected by Ohio Revised Code (Sections 1347.12, 1349.19, 1349.191, and 1349.192) from disclosure to unauthorized individuals that might lead to identity fraud or other fraud against the individual.
Restricted Data: Credit Card Information
Specific Data Elements:
- Primary Account Number
- Cardholder Name
- Service Code
- Expiration Date
Justification for Restricted Data Designation:
Credit card information is protected by Ohio Revised Code (Sections 1347.12, 1349.19, 1349.191, and 1349.192) from disclosure to unauthorized individuals that might lead to identity fraud or other fraud against the individual, and its protection is also a requirement of the Payment Card Industry (PCI) standards.
Restricted Data: Bank Account Information
Specific Data Elements:
- Bank Account Number
- Bank Account Routing Numbers
- Bank Account Pins or Passwords
- Bank Account Owner Name
Justification for Restricted Data Designation:
Bank account information is protected by Ohio Revised Code (Sections 1347.12, 1349.19, 1349.191, and 1349.192) from disclosure to unauthorized individuals that might lead to identity fraud or other fraud against the individual.
Restricted Data: Student Educational Records
Specific Data Elements:
Examples of Restricted Student Records include:
- Grades/Transcripts
- Class enrollment information
- Student Financial Aid, Grants, and Loans
- Financial account and payment information including billing statements, bank account and credit card information
- Admissions and recruiting information including test scores, high school grade point average, high school class rank, etc.
Note: The Ohio State University, in accordance with the Act, has designated the following information about students as public (directory) information:
- Name
- Address (local, home and e-mail)
- Telephone (local and home)
- Program of Study (including college of enrollment, major and campus)
- Enrollment status (e.g. full-time, part-time, withdrawn)
- Dates of attendance
- Honors awarded
- Previous educational agencies or institutions attended
- Participation in officially recognized activities and sports
- Weight and height of members of intercollegiate athletic teams
Students who have designated that their directory information is not to be shared
Justification for Restricted Data Designation:
The privacy of a student’s educational records is protected by the Family Educational Rights and Privacy Act of 1974 (FERPA).
Educational records are records, files, documents, and other materials which contain information directly related to a student that are maintained by an educational agency or institution or by a person acting for such agency or institution.
Restricted Data: Personal Health Information
Specific Data Elements:
- Information about the patient’s past, present, or future physical or mental health or condition
- Information relating to the provision of or payment for health care
- Information that identifies the individual, or could reasonably be used to identify the individual, including but not limited to: name, address, medical record number, telephone number, birthday, or admission/discharge date
Justification for Restricted Data Designation:
Patient Health Information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
