Protected data, sometimes called Personally Identifiable Information or PII, is an umbrella term for information about a person that can be used to facilitate identity theft and other criminal acts. To define how much protection different types of data require, the CSU has developed a three-tier classification system [1]:

• Level 1: Confidential information governed by existing laws, such as Social Security numbers and their associated names, credit card numbers with cardholder names, or medical records for a specific individual.
• Level 2: Information for internal use that must be protected for ethical or privacy reasons, such as student grades, courses taken, or disciplinary records.
• Level 3: General information such as a person's title, email address, or other published information that exists in the public domain.

This is why employees with access to protected data must change their passwords more frequently than others [2].

If you need to store or process Level 1 data on your HSU-owned computer, you must let ITS know so we can help get you set up correctly. The university conducts regular audits [3] to ensure the security of such data. Level 1 data may never be emailed or stored on portable media, or stored on a personally owned device.