Information Security Resources

Federal Trade Commission (FTC) - Identity Theft

The FTC has many resources that can help consumers with Identity theft.  For more information please visit the FTC Consumer Information Identity Theft page.

Reporting Identity Theft & Recovery Plan

The FTC has created a great, new tool that helps victims of identity theft. This is a powerful step-by-step tool that helps users report identity theft, generate a recovery plan that includes auto generated letters to send creditors and credit bureaus, identifies organizations and law enforcement to contact, steps to take to correct credit reports, etc. and puts your plan into action.

To report and obtain a recovery plan, please visit FTC Identity Theft tool.

Data Classification  

3-Category Data Classification

All SJSU data must be broken into the following three sensitivity classifications:  LEVEL 1: CONFIDENTIAL, LEVEL 2:  INTERNAL USE ONLY, LEVEL 3:  PUBLICLY AVAILABLE.  Distinct handling, labeling, and review procedures must be established for each classification.

Data Classification Descriptions

The following descriptions are used for identifying and labeling each sensitivity classification for all SJSU information. For further information, refer to the Information Classification and Handling Cheat Sheet or the Information Classification and Handling Standard.

Level

Risk Rating

Examples

Level 1: Confidential

High

  • Passwords or credentials that grant access to level 1 and level 2 data
  • Personal Identification Numbers (PIN)
  • Birth Date – mm/dd/yy (when present with name and last 4 digits of SSN)
  • Credit card numbers with cardholder name
  • Driver’s license number, state identification number, or other forms of national or international identification (passports, visas, etc.)
  • Tax ID
  • Social Security Number
  • Health insurance information
  • Medical records
  • Psychological counseling records
  • Bank account or debit card information in combination with any required security code
  • Biometric Information (fingerprints, voice recordings, palm print, iris scan, DNA)
  • Digital signatures
  • Private key (digital certificates)
  • Law enforcement personnel records
  • Criminal background check results
  • Vulnerability/security information related to the campus or computer information systems
  • Vulnerability/security information related to campus law enforcement operations

Level 2: Internal Use

Moderate

  • Photo (taken for identification purposes)
  • Partial Birthdate mm/dd
  • Student Information
    • Educational records, grades, courses taken, schedule, test scores, advising records, educational services received, disciplinary actions.
    • Non-directory student information
  • Library circulation information
  • Linking a library user with a specific subject area
  • Sealed bids prior to award
  • Identifiable information (Purchase order) of the supplier/company
  • Trade secrets and intellectual property
  • Information covered by a specific non-disclosure agreement
  • Location of critical protected assets
    • Maps of campus utility systems
    • Construction drawings of campus buildings
    • Detailed drawings of sensitive campus facilities
  • Licensed software
  • Campus attorney-client communications
  • Accident reports and investigations
  • Employee Information
    • Net Salary
    • Personal telephone numbers
    • Personal email address
    • Payment history
    • Evaluations
    • Mother’s maiden name
    • Race and ethnicity
    • Family members’ names
    • Birthplace
    • Gender
    • Marital Status
    • Physical Description
    • Home or Personal Mailing Address
  • University Donor Information
    • Name
    • Home or mailing address
    • Personal telephone numbers
    • Personal email address
    • Donation if request is for anonymous gift/donation

Level 3: Publicly Available

Low

  • Tower ID (Emplid, Student ID)
  • Employee Information
    • Work email address
    • Work mailing address
    • Title
    • Office location and telephone number
    • Department
    • Gross Salary
    • Signature (non-electronic)
  • Financial budget information
  • Purchase order information
  • Student Information (Non-FERPA students only)
    • Name
    • Major
    • Participation in sports/activities
    • Weight and height (athletic team members)
    • Dates of attendance
    • Full or part-time status
    • Degrees and awards received
    • Campus email address
    • Most recent or previous college/university/agency attended