Guidelines, Standards and Laws

Confidential information, educational records and user accounts are governed by federal and state laws and regulations, the CSU Information Security Policy and Chancellor's executive orders, and University guidelines, standards and Administrative Policies and Procedures.

Information Technology Security and Compliance is responsible for coordinating the development and dissemination of information security guidelines, standards and procedures for the University. See the links below to access CSU policy and University guidelines, standards and procedures.

Confidential Information

Description and Examples

Description (Level 1)

Level 1 Confidential data is information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws. Unauthorized use, access, disclosure, acquisition, modification, loss, or deletion could result in severe damage to the CSU, its students, employees or customers. Financial loss, damage to the CSU's reputation and legal action could occur if data is lost, stolen, unlawfully shared or otherwise compromised.

Level 1 data is intended solely for use within the CSU and limited to those with a "business need-to-know." Statutes, regulations, other legal obligations or mandates protect much of this information. Disclosure of Level 1 data to persons outside of the University is governed by specific standards and controls designed to protect the information.

Confidential information must be interpreted in combination with all other information contained on the computer or electronic storage device to determine whether a violation has occurred; a single data element may become Level 1 only when combined with others (for example, a birth date with the last four digits of an SSN and a name, as in the list below).

Level 1 access will be granted on a strict "need-to-know" basis only and will be restricted to authorized staff and other participants who have executed an approved Non-Disclosure Agreement (NDA).

Examples (note: list provides examples and is not all-inclusive)

  • Passwords or credentials
  • PINs (Personal Identification Numbers)
  • Birth date combined with the last four digits of SSN and name
  • Credit card numbers with cardholder name or expiration date and/or card verification code
  • Tax ID with name
  • Driver's license numbers, state identification card numbers and other forms of national or international identification (such as passports, visas, etc.) in combination with name
  • Social Security number with name
  • Health insurance information with name
  • Medical records related to an individual
  • Psychological counseling records related to an individual
  • Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual’s financial account
  • Electronic or digitized signatures
  • Private keys (digital certificates)
  • Vulnerability/security information related to a campus or system
  • Attorney/client communications
  • Legal investigations conducted by the University
  • Third-party proprietary information per contractual agreement
  • Sealed bids
  • Employee name with personally identifiable employee information
    • Biometric information
    • Electronic or digitized signatures
    • Personal characteristics

Description (Level 2)

Internal use data is information that must be protected due to proprietary, ethical or privacy considerations. Although not specifically protected by statute, regulations or other legal obligations or mandates, unauthorized use, access, disclosure, acquisition, modification, loss or deletion of information at this level could cause financial loss, damage to the CSU's reputation, violate an individual's privacy rights or make legal action necessary.

Non-directory educational information may not be released except under certain prescribed conditions.

Level 2 access will be granted on a strict "need-to-know" basis only and will be restricted to authorized staff and other participants who have executed an approved Non-Disclosure Agreement (NDA). This information includes organization contact lists, internal processing procedures, employee schedules and other information required to function within the organization but too sensitive to release to the public.

Examples (note: list provides examples and is not all-inclusive)

  • Identity validation keys (name with)
    • Birth date (full: mm-dd-yy)
    • Birth date (partial: mm-dd only)
  • Student name with personally identifiable education records
    • Grades
    • Courses taken
    • Schedule
    • Test scores
    • Counseling records
    • Educational services received
    • Disciplinary actions
  • Employee Information
    • Employee net salary
    • Employment history
    • Home address
    • Personal telephone numbers (including emergency contacts)
    • Personal email address
    • Payment History
    • Employee evaluations
    • Disciplinary actions
    • Background investigations
    • Mother's maiden name
    • Race and ethnicity
    • Parents and other family members names
    • Birthplace (city, state, country)
    • Gender
    • Marital Status
    • Physical description
    • Photograph (voluntary for public display)
  • Other
    • Donor name, address, phone, email and giving amount
    • Library circulation information
    • Trade secrets or intellectual property such as research activities
    • Location of critical or protected assets
    • Licensed software

Description (Level 3)

This is information that is generally regarded as publicly available. Information at this level is either explicitly defined as public information, is intended to be available to individuals both on and off campus, or is not specifically classified elsewhere as Level 1 or Level 2.

Knowledge of this information does not expose the CSU to financial loss or jeopardize the security of the CSU's information assets.

Publicly available data may still be subject to appropriate campus review or disclosure procedures to mitigate potential risks of inappropriate disclosure.

¹ Cal State LA may disclose "Directory Information" without prior written consent of the student. However, at any time the student may exercise the option to have this information treated as confidential by completing the Releasing Student "Directory Information" to Outside Agencies form and submitting it to the Admissions and Records Center, SSB 1st Floor. All requests to obtain student directory information must be directed to the Admissions and Records Center.

Examples (note: list provides examples and is not all-inclusive)

  • Campus identification keys
    • Campus identification number
    • User ID (do not list in a public or a large aggregate list where it is not the same as the student email address)
    • Email
  • Student Information¹


Educational directory information (FERPA) includes

  • Name
  • Address
  • Telephone number
  • Email address
  • Photograph
  • Major field of study
  • Participation in officially recognized activities and sports
  • Height and weight of members of athletic teams
  • Dates of attendance
  • Grade level
  • Enrollment status
  • Degrees, honors and awards received
  • Most recent previous educational agency or institution attended by the student


Bargaining unit student employee directory information

  • Name of the department employing the student
  • The student employee’s telephone number within the department
  • The student employee’s email address within the department
  • The student employee’s job classification
  • Employee Information (including student employees)
    • Employee title
    • Status as student employee (such as TA, GA, ISA)
    • Employee campus email address
    • Employee work location and telephone number
    • Employing department
    • Employee classification
    • Employee gross salary
    • Name (first, middle, last) (except when associated with protected data)
    • Signature (non-electronic)
  • Donor Information
    • Constituent code
    • Class, degree, academic organization, major
    • Employment information as defined above
    • Job title

Policies, Standards and Guidelines

CSU ISO Domain

Type        Title
Policy      ISO Domain 5: Information Security Policy

Cal State LA

Type        Title
Policy      Cal State LA Information Security Program
Standard    Information Security Roles and Responsibilities
Guideline   Identity Theft Prevention Guidelines

CSU ISO Domain

Type        Title
Policy      ISO Domain 7: Human Resources Security Policy
Standard    ISO Domain 7: Human Resources Security Standard

Cal State LA

Type        Title
Guideline   Separated Employees' Network/E-mail Access
Procedure   Criminal Records Check
Procedure   Fingerprinting Process

CSU ISO Domain

Type        Title
Policy      ISO Domain 10: Cryptography Policy
Standard    ISO Domain 10: Cryptography Standard

CSU ISO Domain

Type        Title
Policy      ISO Domain 12: Operations Security Policy
Standard    ISO Domain 12: Operations Security Standard

CSU ISO Domain

Type        Title
Policy      ISO Domain 13: Communications Security Policy
Standard    ISO Domain 13: Communications Security Standard

Cal State LA

Type        Title
Guideline   Electronic Communications
Guideline   Network Traffic Management
Guideline   Wireless Access

CSU ISO Domain

Type        Title
Policy      ISO Domain 15: Supplier Relationships Policy
Standard    ISO Domain 15: Supplier Relationships Standard

Cal State LA

Type        Title
Guideline   Information Security Contract Language
Guideline   IT Projects and Procurement

Standards define the minimum requirements necessary to address information security risks and the specific requirements that ensure compliance with legal regulations, CSU policy and information security best practices. Standards represent the minimum basis upon which Board of Trustees' audits are conducted. Standards undergo a formal review and approval process prior to publication.


User Guidelines provide general recommendations and instructions for campus users to comply with information security standards and the CSU Information Security Policy. They are often more technical in nature than policies and standards, and are created and updated as needed to account for changes in technology, regulations or University practice. User guidelines undergo a formal review and approval process prior to publication.


Procedures are step-by-step instructions for accomplishing specific tasks and often include recommended tools for performing those tasks. Procedures are informal documents that impose no new obligations on users and therefore undergo only an internal technical review and approval process prior to publication.