Glossary
Become familiar with terms seen frequently in IT's Policies & Standards pages.
- User account: an account assigned to a currently active staff member, student, or university affiliate for the purpose of accessing information technology services and systems.
- Privileged user account: an account assigned to an individual with responsibilities for administering information technology services or systems. These accounts generally have elevated permissions to perform tasks that, if unauthorized, could potentially compromise the security of systems and data or disrupt operations.
- Non-person (system/service) account: an account assigned to a system or service that accesses, transmits or edits data, system configurations or computer programs.
- Critical system: a system deemed critical to support the university’s mission critical operations. These are systems identified as highest priority for restoration during a disaster scenario.
- Sensitive system: a system that stores or processes data classified as protected or sensitive in the university’s Data Classification and Protection policy.
- Sensitive Data: iinformation considered highly confidential or personal information protected by statutes, regulations, university policies or contractual language which, if exposed or breached, could result in legal damages, fines/penalties, identify theft and/or financial fraud.
- Sensitive and personally identifiable information includes any data that can be used to distinguish or trace an individual's identity, either alone or when combined with other information. Examples include a name, home address, email address, social security number, driver's license number, bank account number, passport number, date of birth, biometrics such as fingerprints, or information that is linked or linkable to an individual such as medical, educational, financial, and employment information.
- Information such as gender, race, religion, and marital status are typically not considered PII alone. However, this information should still be treated as sensitive because it could identify an individual when combined with other data.
- Specific examples of sensitive and personally identifiable information include:
- Social security numbers
- Driver's license numbers
- Credit/debit card numbers
- Passport numbers
- Taxpayer identification numbers
- Federal ID numbers
- Student financial aid data
- Employee health records
- Financial data that informs the university’s end-of-year financial statements
- System account credentials
- Sensitive data does not include information in the William & Mary directory or data that is made public by the university. Furthermore, the university has no obligation to protect an individual’s personal information if the personal information is provided to a third-party by another supplier without the involvement of the university.
- Protected Data: information that is protected by statutes, regulations, university policies or contractual language but which does not carry the same level of risk as Sensitive and Personally Identifiable Information. By way of illustration only, some examples of Protected Data include:
- Student educational records protected by the Family Educational Rights and Privacy Act (FERPA). Under FERPA, education records are any documents, files, and/or other materials that contain information directly related to a student, are personally identifiable to that student, and are maintained by the university or a university agent. These records include but are not limited to grades, transcripts, class lists, student course schedules, contact and family information, student health records, student financial information (at the postsecondary level), and student discipline files. The information may be recorded in any way, including, but not limited to, handwriting, print, computer media, videotape, audiotape, film, microfilm, microfiche, and e-mail.
- FERPA designates several types of records that are exceptions to this definition, including law enforcement records and medical and treatment records. For more detailed information contact the University Registrar at ferpa@wm.edu or visit the webpage Student Records Privacy Policy and Notification of Rights under FERPA
- Personal information or giving history collected from a donor, alumnus, or another individual
- Employment or non-identifiable personnel data
- Banner 93 numbers
- Performance evaluations
- Student educational records protected by the Family Educational Rights and Privacy Act (FERPA). Under FERPA, education records are any documents, files, and/or other materials that contain information directly related to a student, are personally identifiable to that student, and are maintained by the university or a university agent. These records include but are not limited to grades, transcripts, class lists, student course schedules, contact and family information, student health records, student financial information (at the postsecondary level), and student discipline files. The information may be recorded in any way, including, but not limited to, handwriting, print, computer media, videotape, audiotape, film, microfilm, microfiche, and e-mail.
- Non-Sensitive data: information that may or must be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access or usage. By way of illustration only, some examples of Non-Sensitive data include:
- Publicly posted press releases
- Publicly posted schedules of classes.
- Publicly posted interactive university maps, newsletters, newspapers, and magazines.
- Public announcements, advertisements, directory information, and other freely available data on university websites.
Questions?
Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | support@wm.edu | Monday - Friday, 8:00 am - 5:00 pm
