Sensitive Data is data whose unauthorized disclosure may have serious adverse effects on the university’s reputation, resources, services, or individuals. Sensitive Data includes social security numbers, credit card information, and anything else that can be used to facilitate identity theft. It also includes federally protected data such as student information and medical information, as well as passwords, account information, restricted data, and any other unique identification. UA faculty and staff are responsible for protecting sensitive data to which they have authorized access, as well as responsible for compliance with all UA information security policies and procedures and any applicable laws, statutes, and regulations. It is important to know who can access the data, the appropriate places to store the data, how to securely dispose of the data, and how to report a breach or compromise of sensitive university data. For more information on faculty and staff responsibilities related to the handling and storage of university data, please see the “Data Management” section found at this link: https://security.arizona.edu/data-management-faculty-and-staff
To determine which data classification is appropriate for a particular information asset, please see the criteria in "Data Classifications" section found at this link: https://security.arizona.edu/data-classification-and-handling-standard
Sensitive or personal information should not be stored, including in Box. A list of items not to be stored in Box is below. Box is a FERPA safe application, but PHI or HIPAA require a specific account type received by submitting a CALES Box Health Folder Request (mailto: CCT-Systems@arizona.edu).
- Social Security Numbers
- Credit Card Numbers
- Financial/Banking Account Numbers
- Driver's License Numbers
- Health Insurance Policy ID Numbers
- Data as Defined Under FISMA, ITAR/EAR, HIPAA