Skip to main content

Data Classification

UNM has adopted an IT Standard for Data Classification, which stipulates that all UNM Data must be assessed and classified according to its business or economic value to the University and its security or confidentiality requirements. The resulting classification will, in turn, facilitate applying the appropriate administrative, physical, and technical safeguards and security controls.  For University Data within UNM's enterprise systems, the appropriate classifications are listed below:

Classification Level
Data Elements
"E Class" (Encrypted)
Any information that contains protected individually identifiable information that can be used to identify or be associated to an individual is considered to be Encrypted (E Class) information.Additionally, the following data elements are considered to be Encrypted (E Class) information if maintained for any reason.
  • Student Military Records
  • Student Medical Records
  • Social Security Number (or part of a SSN)
  • Student and Parent Tax information
  • Protected Health Information
  • Employee Benefits File (both paper and electronic)
  • Employee Health Records
  • Protected payroll and health benefits deduction Information
  • Payroll file (both paper and electronic), subject to potential HIPAA Privacy Rule, IRS and other Federal or State bound restrictions (Garnishments)
  • Banking Information
  • Tax Information
"C Class" (Confidential)
All information, unless categorized as Encrypted (E Class) or Public (P Class), used to support and conduct UNM business.  Some examples include, but are not limited to:
  • Payroll file (both paper and electronic) excluding those items listed in HIPAA Privacy Rule, IRS and other Federal or State bound restrictions
  • Personnel file (both paper and electronic) excluding those items listed in HIPAA Privacy Rule, IRS and other Federal or State bound restrictions
  • Employment transactions
  • Research Proposals
  • Work in Progress Budgets
  • PCard Number
  • Employee Address
  • Confidenitial student information:
    • Grades
    • Disciplinary Records
    • Student Identification Number
    • Race
    • Gender
    • GPA
"P Class" (Public)
Information that UNM has made available or published for the explicit use of the general public.  Examples include:
  • Records accessible pursuant to the NM Inspection of Public Records Act
  • Sunshine Portal
  • Information on publicly accessible UNM web sites
  • Student information classified by FERPA as "directory information", such as:
    • Name
    • Address (School or permanent)
    • Telephone listing
    • Electronic Mail Address
    • Date of Birth
    • Major field of study (including current classification, year, credit load and number of academic credits earned toward degree)Dates of Attendance (matriculation and withdrawal dates)
    • Degrees and award received (type of degree and date granted)
    • Most recent previous educational agency or institution attended
    • Participation in officially recognized activities and sports, and weight and height of members of athletic teams)

Data owners have ultimate authority and responsibility for the access, accuracy, classification, and security of the data within their delegations of authority.   UNM's appointed data owners, and their areas of responsibility, are listed below:

Data Owner
Area of Responsibility
Sr. Vice Provost for Academic Affairs, Carol Parker
Banner HR (faculty)
University Controller, Elizabeth Metzger
Banner Finance, Banner Accounts Receivable, Banner Effort Certification, Banner Workflow, Cayuse, Chrome River, Lobo Mart, UNMJobs (finance), and TouchNet
Vice President for Human Resources, Dorothy Anderson
Banner HR (staff and student), UNMJobs Applicant Tracking
Vice President for Research, Gabriel Lopez
Research
Associate Vice President for Enrollment Management, Terry Babbitt
Banner Student and Financial Aid, Ad Astra Scheduling, LoboAcheive Advisement (Starfish), UAchieve (DARS), UNM Learn (Blackboard)