{"id":14299,"date":"2025-03-28T13:26:36","date_gmt":"2025-03-28T18:26:36","guid":{"rendered":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/"},"modified":"2025-12-16T15:59:07","modified_gmt":"2025-12-16T21:59:07","slug":"uwm-data-classification-guidelines","status":"publish","type":"page","link":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/","title":{"rendered":"51ÁÔÆæ Data Classification Guidelines"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-introduction\">Introduction<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.wisconsin.edu\/uw-policies\/uw-system-administrative-policies\/information-security-data-classification-and-protection\/\">UW System Administration Policy 1031<\/a> provides the standards by which UW institutions classify their data. The policy divides data into High Risk, Moderate Risk, and Low Risk. These risk categories are used by other policies to determine the required level of protection, response obligations, and other responsibilities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-definitions-amp-standards\">Definitions &amp; Standards<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-high-risk-data\">High Risk Data<\/h3>\n\n\n\n<p>High Risk data is any data where unauthorized disclosure, alteration, loss, or destruction:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>May cause financial loss or violate a law, OR would violate a confidentiality agreement, OR would cause serious repetitional harm to the University, OR would require the University of Wisconsin system to inform the government or public of a<br>breach<\/li>\n<\/ul>\n\n\n\n<p>Examples of High Risk data include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HIPAA data<\/li>\n\n\n\n<li>PCI data<\/li>\n\n\n\n<li>Personal Health Information (PHI)<\/li>\n\n\n\n<li>FERPA information in conjunction with Student ID numbers or Social Security numbers<br>(SSN)<\/li>\n\n\n\n<li>Information that is exempt from public record laws<\/li>\n\n\n\n<li>Information that might pose a risk of identity theft (first initial and last name when linked with<br>other information such as DNA, SSN, Driver\u2019s License ID and financial data)<\/li>\n\n\n\n<li>Any passwords that grant access to other High Risk data<\/li>\n<\/ul>\n\n\n\n<p>Please note: By our current data categories, it is likely that much of the university data you are responsible for should be classified as High Risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-moderate-risk-data\">Moderate Risk Data<\/h3>\n\n\n\n<p>Moderate Risk data is defined as \u201cAny data if released to unauthorized individuals could have a mildly adverse impact on the institution or UW System mission, safety, finances, or reputation.\u201d Any data that is not categorized as High or Low will be categorized as moderate.<\/p>\n\n\n\n<p>Examples of Moderate Risk data include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Student educational records without identifying references<\/li>\n\n\n\n<li>Directory information for employees who have chosen to withhold their personal information<\/li>\n\n\n\n<li>Donor or other third-party partner information maintained by the University<\/li>\n\n\n\n<li>Proprietary financial, budgetary or personnel information not explicitly authorized for public<br>release<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-low-risk-data\">Low Risk Data<\/h3>\n\n\n\n<p>Low Risk data is, essentially, public information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction UW System Administration Policy 1031 provides the standards by which UW institutions classify their data. The policy divides data into High Risk, Moderate Risk, and Low Risk. These risk categories are used by other policies to determine the required &hellip;<\/p>\n","protected":false},"author":1652,"featured_media":0,"parent":1013,"menu_order":6,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":"","uwm_wg_additional_authors":[]},"class_list":["post-14299","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Technology Resources<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"51ÁÔÆæ Data Classification Guidelines\" \/>\n<meta property=\"og:description\" content=\"Introduction UW System Administration Policy 1031 provides the standards by which UW institutions classify their data. The policy divides data into High Risk, Moderate Risk, and Low Risk. These risk categories are used by other policies to determine the required &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology Resources\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-16T21:59:07+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@51ÁÔÆæ_IT\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/uwm-data-classification-guidelines\\\/\",\"url\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/uwm-data-classification-guidelines\\\/\",\"name\":\"51ÁÔÆæ Data Classification Guidelines - Technology Resources\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/#website\"},\"datePublished\":\"2025-03-28T18:26:36+00:00\",\"dateModified\":\"2025-12-16T21:59:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/uwm-data-classification-guidelines\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/uwm-data-classification-guidelines\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/uwm-data-classification-guidelines\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT Policies\",\"item\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/policies\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"51ÁÔÆæ Data Classification Guidelines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/#website\",\"url\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/\",\"name\":\"Technology Resources\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uwm.edu\\\/information-technology\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Technology Resources","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/","og_locale":"en_US","og_type":"article","og_title":"51ÁÔÆæ Data Classification Guidelines","og_description":"Introduction UW System Administration Policy 1031 provides the standards by which UW institutions classify their data. The policy divides data into High Risk, Moderate Risk, and Low Risk. These risk categories are used by other policies to determine the required &hellip;","og_url":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/","og_site_name":"Technology Resources","article_modified_time":"2025-12-16T21:59:07+00:00","twitter_card":"summary_large_image","twitter_site":"@51ÁÔÆæ_IT","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/","url":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/","name":"51ÁÔÆæ Data Classification Guidelines - Technology Resources","isPartOf":{"@id":"https:\/\/uwm.edu\/information-technology\/#website"},"datePublished":"2025-03-28T18:26:36+00:00","dateModified":"2025-12-16T21:59:07+00:00","breadcrumb":{"@id":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/uwm.edu\/information-technology\/policies\/uwm-data-classification-guidelines\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uwm.edu\/information-technology\/"},{"@type":"ListItem","position":2,"name":"IT Policies","item":"https:\/\/uwm.edu\/information-technology\/policies\/"},{"@type":"ListItem","position":3,"name":"51ÁÔÆæ Data Classification Guidelines"}]},{"@type":"WebSite","@id":"https:\/\/uwm.edu\/information-technology\/#website","url":"https:\/\/uwm.edu\/information-technology\/","name":"Technology Resources","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uwm.edu\/information-technology\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-04-24 09:16:40","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/users\/1652"}],"replies":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/comments?post=14299"}],"version-history":[{"count":9,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14299\/revisions"}],"predecessor-version":[{"id":15835,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/14299\/revisions\/15835"}],"up":[{"embeddable":true,"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/pages\/1013"}],"wp:attachment":[{"href":"https:\/\/uwm.edu\/information-technology\/wp-json\/wp\/v2\/media?parent=14299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}