KB User's Guide - Sensitive and Restricted Data Policy

The following document outlines the Knowledgebase policy regarding sensitive, restricted, and internally protected data.

Basic Policy

The KnowledgeBase User’s Guide supports over 75 groups at UW-Madison and 26 other higher education institutions and organizations. The KnowledgeBase service cannot be used to store, display, or request any data that is considered sensitive or restricted. Internal KB sites may be used to store internal data.

For more information on what qualifies as sensitive and/or restricted data, please see the UW System's "Information Security: Data Classification" page. Please also review the Registrar's "Directory Information" page for what information is contained in a students' education record that is considered protected, non-directory information (examples: SSN and Campus ID #s). Also, if you suspect the data may be considered sensitive or restricted, it is recommended that you operate as if it is, just to be safe.

Examples of Sensitive and Restricted Data

  • Employee and student identification numbers (Campus ID #'s) *This is internal data when paired with things like Name and Email, and we advise against prompting for this information 
  • Social security numbers 
  • Drivers license numbers and state resident/personal identification numbers 
  • Financial account number (including credit/debit card) or any security code, access code or password that would permit access to an individuals financial account 
  • Protected health information (any information about the health status, provision of health care, or payment for health care) (except workman's comp)
  • Passport numbers and alien registration numbers
  • Military ID number 
  • Personal information such as date of birth and mothers maiden name 
  • Digitized signatures (ink signatures that have been digitized) 
  • Unique physical biometric data (including fingerprint, voice print, retina/iris image) that can be used to identify an individual
  • Student educational records regulated under FERPA in conjunction with identifying references such as SSN's or student identification numbers (excluding directory data)
  • Login/password credentials granting access to high risk data
  • Images of any of the above (uploaded to the form)
For more information on sensitive and restricted data and for more classification examples, please see the IT Data Classification Policy and UW System's "Information Security: Data Classification" page

Troubleshooting



Keywordsssn, social, security, number, drivers, license, date of birth, birth, ID, sensitive, restricted, PHI, HIPAA, protected, data, forms, content, include, request, classified, classification   Doc ID127184
OwnerMatt G.GroupKB User's Guide
Created2023-04-10 15:07:38Updated2024-06-03 09:23:53
SitesKB User's Guide
Feedback  0   0