Bellevue College is required by law to classify information used to perform the business and academic functions of the college into categories based on the sensitivity of the data.
College policy #5220 – Electronic Data Security (pending) and its pending procedure #5220-P1 – Categories of Electronic Data (Procedures) identify these categories of electronic college data:
Category 1 – Public
- Public information can be or currently is released to the public. It does not need protection from disclosure, but does require integrity and availability protections to protect it from unauthorized change. This does not include otherwise public records that are exempted from public access by RCW 42.56.210 and WAC 132H-169-070.
- The college has also determined that certain student data–which otherwise may have been classified category 2 or higher—falls into this category as designated FERPA directory information, and may be disclosed upon request. This includes:
- Student Name
- Degree or certificate awarded
- Dates of attendance
- Athletic statistics
- Scholarships received
- Membership or office in BC student government or honor society
- Part or full-time student status
- Previous schools attended
- Student’s e-mail address
Category 2 – Sensitive
- Sensitive information may not be specifically protected from disclosure by law or policy, but is generally for official use only.
- Sensitive information held by the college may not be released to the public unless specifically requested through college procedures.
Category 3 – Confidential
- Confidential information is specifically protected from disclosure by state or federal law or regulations.
- Data under this classification includes personally identifying information about individuals that college officials are obligated to protect to prevent identity theft or similar crimes or abuses.
- This is usually someone’s name in combination with any of the following: personal address, personal telephone number, date of birth, government –issued driver’s license or identification number, alien registration number, passport number, or employee/student ID number (SID).
- It may also include, but is not limited to:
- Information concerning employee payroll and personnel records.
- Other information that is inherently personal, such as identifying information as defined under the federal Fair and Accurate Credit Transactions Act.
- Information regarding IT infrastructure or security of computer and telecommunications systems which could result in fraud, illicit disclosure of, or modification to, information.
- This includes passwords or other information used to access computer systems and applications.
Category 4 – Confidential, with special handling
- This is information specifically protected by law from disclosure, and is information for which especially strict handling requirements and protections are dictated, such as by statutes, regulations, or agreements.
- This includes, but is not limited to:
- Non-directory student data and education records protected under the Family Educational Rights and Privacy Act (FERPA).
- Medical information protected under the Health Information Portability and Accountability Act (HIPAA).
- Data which has shared with Bellevue College for which a contract or agreement sets forth specific and strict handling requirements.
- Data from which serious consequences could arise from unauthorized disclosure, such as threats to health and safety, or legal sanctions.
Other data under this classification can include:
- Social Security Numbers (SSN),
- Credit card numbers,
- Credit card expiration dates,
- Personal Identification Numbers,
- Credit card security codes,
- Financial profiles,
- Bank routing numbers, and
- Law enforcement records,
as well as other types of information.