Guidelines, Standards and Laws

Confidential information, educational records and user accounts are governed by federal and state laws and regulations, CSU information security policy and Executive Orders of the Chancellor, and University guidelines, standards and administrative policies and procedures.

Information Technology Security and Compliance is responsible for coordinating the development and dissemination of information security guidelines, standards and procedures for the University. See the links below to access CSU policy and University guidelines, standards and procedures.

Confidential Information

Description and Examples

Description

Level 1 confidential data is information maintained by the University that is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws. Unauthorized use, access, disclosure, acquisition, modification, loss or deletion could result in severe damage to the CSU, its students, employees or customers. Financial loss, damage to the CSU's reputation and legal action could occur if data is lost, stolen, unlawfully shared or otherwise compromised.

Level 1 data is intended solely for use within the CSU and limited to those with a “business need-to-know.”  Statutes, regulations, other legal obligations or mandates protect much of this information.  Disclosure of Level 1 data to persons outside of the University is governed by specific standards and controls designed to protect the information.

Confidential information must be interpreted in combination with all information contained on the computer or electronic storage device to determine whether a violation has occurred.

Level 1 access will be granted on a strict "need-to-know" basis only and will be restricted to authorized staff and other participants who have executed an approved Non-Disclosure Agreement (NDA). This information includes organizational contact lists, internal operating procedures, employee schedules and other information required to function within the organization but too sensitive to release to the public.

Examples (Note: the list provides examples and is not all-inclusive)

  • Passwords or credentials
  • Personal Identification Numbers (PINs)
  • Birth date combined with the last four digits of the Social Security number and name
  • Credit card numbers with cardholder name or expiration date and/or card verification code
  • Tax ID with name
  • Driver's license number, state identification card and other forms of national or international identification (such as passports, visas, etc.) in combination with name
  • Social Security number and name
  • Health insurance information with name
  • Medical records related to an individual
  • Psychological counseling records related to an individual
  • Bank account or debit card information in combination with any required security code, access code, or password that would permit access to an individual’s financial account
  • Electronic or digitized signatures
  • Private key (digital certificate)
  • Vulnerability/security information related to a campus or system
  • Attorney/client communications
  • Legal investigations conducted by the University
  • Third-party proprietary information per contractual agreement
  • Sealed bids
  • Employee name and personally identifiable employee information
    • Biometric information
    • Electronic or digitized signatures
    • Personal characteristics

Description

Internal use data is information that must be protected due to proprietary, ethical or privacy considerations. Although not specifically protected by statute, regulations or other legal obligations or mandates, unauthorized use, access, disclosure, acquisition, modification, loss or deletion of information at this level could cause financial loss, damage the CSU's reputation, violate an individual's privacy rights or make legal action necessary.

Non-directory educational information may not be released except under certain prescribed conditions.

Level 2 access will be granted on a strict "need-to-know" basis only and will be restricted to authorized staff and other participants who have executed an approved Non-Disclosure Agreement (NDA). This information includes organizational contact lists, internal operating procedures, employee schedules and other information required to function within the organization but too sensitive to release to the public.

Examples (Note: the list provides examples and is not all-inclusive)

  • Identity validation keys (name with)
    • Birth date (full: mm-dd-yy)
    • Birth date (partial: mm-dd only)
  • Student name with personally identifiable educational records
    • Grades
    • Courses taken
    • Schedule
    • Test scores
    • Advising records
    • Educational services received
    • Disciplinary actions
  • Employee Information
    • Employee net salary
    • Employment history
    • Home address
    • Personal telephone numbers (including emergency contacts)
    • Personal email address
    • Payment History
    • Employee evaluations
    • Disciplinary actions
    • Background investigations
    • Mother's maiden name
    • Race and ethnicity
    • Parents' and other family members' names
    • Birthplace (city, state, country)
    • Gender
    • Marital Status
    • Physical description
    • Photograph (voluntary for public display)
  • Other
    • Donor name, address, telephone, email and donation amount
    • Library circulation information
    • Trade secrets or intellectual property, such as research activities
    • Location of critical or protected assets
    • Licensed software

Description

This information is generally regarded as publicly available. Information at this level is either explicitly defined as public information or intended to be available to individuals both on and off campus, or is not specifically classified elsewhere as Level 1 or Level 2.

Knowledge of this information does not expose the CSU to financial loss or jeopardize the security of the CSU's information assets.

Publicly available data may still be subject to appropriate campus review or disclosure procedures to mitigate potential risks of inappropriate disclosure.

¹ Cal State LA may disclose "Directory Information" without prior written consent of the student. However, at any time the student may exercise the option to consider this information confidential by completing the Releasing Student "Directory Information" to Outside Agencies form and submitting it to the Enrollment and Records Center, SSB 1st Floor. All requests to obtain student directory information must be directed to the Enrollment and Records Center.

Examples (Note: the list provides examples and is not all-inclusive)

  • Campus identification keys
    • Campus identification number
    • User ID (do not list in a public or a large aggregate list where it is not the same as the student email address)
    • Email
  • Student Information¹

Educational directory information (FERPA) includes

  • Name
  • Address
  • Telephone number
  • Email address
  • Photograph
  • Major field of study
  • Participation in officially recognized activities and sports
  • Weight and height of members of athletic teams
  • Dates of attendance
  • Grade level
  • Enrollment status
  • Degrees, honors and awards received
  • Most recent previous educational agency or institution attended by the student

Bargaining unit student employee directory information

  • Name of the department employing the student
  • Departmental telephone number of the student employee
  • Departmental email address of the student employee
  • Job classification of the student employee
  • Employee information (including student employees)
    • Employee title
    • Student employee status (e.g., TA, GA, ISA)
    • Employee campus email address
    • Employee work location and telephone number
    • Employing department
    • Employee classification
    • Employee gross salary
    • Name (first, middle, last) (except when associated with protected data)
    • Signature (non-electronic)
  • Donor information
    • Constituent code
    • Class, degree, academic organizations, major
    • Employment information as defined above
    • Job title

Policies, Standards and Guidelines

CSU ISO Domain

Type       Title
Policy     ISO Domain 5: Information Security Policy

Cal State LA

Type       Title
Policy     Cal State LA Information Security Program
Standard   Information Security Roles and Responsibilities
Guideline  Identity Theft Prevention Guideline

CSU ISO Domain

Type       Title
Policy     ISO Domain 7: Human Resources Security Policy
Standard   ISO Domain 7: Human Resources Security Standard

Cal State LA

Type       Title
Guideline  Separated Employee Network/Email Access
Procedure  Criminal Records Check
Procedure  Fingerprinting Process

CSU ISO Domain

Type       Title
Policy     ISO Domain 10: Cryptography Policy
Standard   ISO Domain 10: Cryptography Standard

CSU ISO Domain

Type       Title
Policy     ISO Domain 11: Physical and Environmental Security Policy
Standard   ISO Domain 11: Physical and Environmental Security Standard

Cal State LA

Type       Title
Guideline  Data Center/Communications Room Access
Guideline  Securing Offices, Work Areas and Documents

CSU ISO Domain

Type       Title
Policy     ISO Domain 12: Operations Security Policy
Standard   ISO Domain 12: Operations Security Standard

CSU ISO Domain

Type       Title
Policy     ISO Domain 13: Communications Security Policy
Standard   ISO Domain 13: Communications Security Standard

Cal State LA

Type       Title
Guideline  Electronic Communications
Guideline  Network Traffic Management
Guideline  Wireless Access

CSU ISO Domain

Type       Title
Policy     ISO Domain 15: Supplier Relationships Policy
Standard   ISO Domain 15: Supplier Relationships Standard

Cal State LA

Type       Title
Guideline  Information Security Contract Language
Guideline  IT Projects and Procurement

Standards define the minimum requirements necessary to address information security risks and the specific requirements that ensure compliance with legal regulations, CSU policy and information security best practices. Standards represent the minimum basis upon which Board of Trustees audits are based. Standards undergo a formal review and approval process prior to publication.

User Guidelines provide general recommendations and instructions for campus users to comply with information security standards and the CSU Information Security Policy. They tend to be more technical in nature than policies and standards, and are created and updated as needed to account for changes in technology, regulations or University practices. User guidelines undergo a formal review and approval process prior to publication.

Procedures are step-by-step instructions for accomplishing specific tasks and often include recommended tools for performing those tasks. Procedures are informal documents with no direct impact on users and therefore undergo only an internal technical review and approval process prior to publication.