UIS.401.1T High Risk Data Table

An Authentication Verifier is a piece of information that is held in confidence by an individual and used to validate a person’s or system’s identity. An Authentication Verifier may also be used to prove the identity of a system or service. Examples include, but are not limited to:

Passwords

Biometric data

Cryptographic private keys

University Gramm-Leach-Bliley Act (GLBA) Policy.

PHI is defined as “individually identifiable health information” transmitted by electronic media, maintained in electronic media or transmitted or maintained in any other form or medium by a Covered Component, as defined in Georgetown University’s HIPAA Policy. PHI is considered individually identifiable if it contains one or more of the following identifiers:

Name

Address

birth date, admissions date, discharge date, date of death and exact age if over 89)

Telephone numbers/Fax numbers

Electronic mail addresses

Social security numbers

Medical record numbers

Health plan beneficiary numbers

Account numbers

Certificate/license numbers

Vehicle identifiers and serial numbers, including license plate number

Device identifiers and serial numbers

Universal Resource Locators (URLs) or web address that can indicate the location of PHI data or mechanisms to retrieve the PHI data.

Internet protocol (IP) addresses

Biometric identifiers, including finger and voice prints

Full face photographic images and any comparable images

Any other unique identifying number, characteristic or code that could identify an individual

Per Georgetown University’s HIPAA Policy, PHI does not include education records or treatment records covered by the Family Educational Rights and Privacy Act or employment records held by the University in its role as an employer.

PHI cannot be transmitted through or stored within any system not architected to protect it in accordance with Federal and University regulations.

FTI is defined as any return, return information or taxpayer return information that is entrusted to the University by the Internal Revenue Services.

Personally Identifiable Student Records are defined as any Student Records that contain one or more of the following personal identifiers:

Name of the student

Name of the student’s parent(s) or other family member(s)

Social security number

Student’s GUID number

A list of personal characteristics that would make the student’s identity easily traceable

Any other information or identifier that would make the student’s identity easily traceable

See Georgetown University’s Student Record Policy for more information.

PII is defined as a person’s first name or first initial and last name in combination with one or more of the following data elements:

Social security number

State-issued driver’s license number

State-issued identification card number

Financial account number in combination with a security code, access code or password that would permit access to the account

Medical and/or health insurance information

Documents and data labeled or marked ‘For Official Use Only’ are a pre-cursor of Controlled Unclassified Information (CUI) as defined by National Archives (NARA)

Where applicable, the EU’s General Data Protection Regulation (GDPR) defines personal data as any information that can identify a natural person, directly or indirectly, by reference to an identifier including:

Name

An identification number

Location data

An online identifier

One or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Information related to Georgetown’s network devices and infrastructure, power plant services and configurations