Technology Threshold Assessment

Overview

Sensitive ECU data: any ECU data that is regulated by international, federal or state law; university policy or regulation; or legal contract. Examples include data covered by FERPA, HIPAA, GLBA, GDPR, PCI, ITPA and ECU policies and regulations for acceptable computer use and information security.

Personal Information (PI)

Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Protected Health Information (PHI)

Any information about health status, provision of health care, or payment for health care that is created by a Covered Entity (or Business Associate of a Covered Entity), and can be linked to a specific individual, or the information can be used to identify an individual. Information can be in any form – oral, written, or electronic – and may reference past, present, or future (1) physical or mental health conditions or (2) financial information for health care.

Human Subject Research Data

Human subject research data can be either medical (clinical) or non-medical (e.g., social science) information containing PII. This data may or may not be subject to HIPAA.

Research Data

Research data, records, or information of a proprietary nature, produced or collected by or for the university (or its employees, officers, contractors, post-doctoral scholars or students) in the conduct of commercial, scientific, or technical research where the data, records, or information has not been patented, published, or copyrighted. This includes, but is not limited to, research data, records, or information of a proprietary nature that is subject to an obligation of confidentiality pursuant to a written agreement by the university and a third-party.

Education Records

Information obtained from the following ECU Education Records or other Personally Identifiable Information in scope of the Family Educational Rights and Privacy Act (FERPA) such as:  Admissions, Financial Aid, Academic, Student Health Service, Student Employee, Student Residence, etc.

Financial Information

Information, such as credit card data, obtained, from consumers (e.g., students), when offering financial products and services like loans or financial or investment advice.

Payment Card Industry (PCI)

Any data relating to credit card payments or the storage, processing, or transmission of cardholder data and/or sensitive data. Cardholder data consists of the full primary account number (PAN) and may also appear in the form of the full PAN plus any of the following – cardholder name, expiration date, and/or service code.

Personnel Data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

General Data Protection Regulation (GDPR)

Information obtained from individuals from/within the European Union (EU) or the European Economic Area (EEA).

Proprietary Information

Information that an individual or entity possesses, owns, or holds exclusive rights to. Examples include: white papers; research papers; business continuity and other business operating plans; e-mail messages; vitae; letters; confidential business documents; participants of an organization, class or group; detailed building drawings; network architecture diagrams; etc. The loss, theft, and disclosure of Proprietary Information could negatively impact University operations or cause reputation and financial harm to individuals or the University

Available To

Faculty, Staff

Fees

No fees are associated with this service.