Skip to main content

Data Types

All information at Cornell should be protected, even data that you may not consider sensitive. Cornell Policy 5.10, Information Security, divides data into two types:

Confidential Data

Data that should never be shared publicly, because it poses identity theft risks when found in conjunction with an individual's name or other identifier (see more about confidential data types):

  • Social Security numbers
  • Driver's license numbers
  • Credit card numbers
  • Bank account numbers

Restricted Data

All other university data, including:

  • Data that the university does not share publicly, but isn't classified as confidential
  • Data that has been approved for anonymous public access (sometimes referred to as "public" data)

Some data at Cornell is also subject to state and federal laws:

State Security Breach Notification laws

  • Social Security numbers
  • Credit card data
  • Driver’s license numbers
  • Bank account information

Health Insurance Portability and Accountability Act (HIPAA)

  • Health insurance
  • Health records/patient treatment information

Gramm-Leach-Bliley Act for Disclosure of Nonpublic Personal Information (GLBA)

  • Loan records

Family Education Rights and Privacy Act (FERPA)

  • Tax records of parents and students
  • Grades

Sarbanes-Oxley Act

  • Cornell tax records

Was this page helpful?

Your feedback helps improve the site.

Comments?