Definitions of Confidential and Sensitive Information (CSI)

Document Number: REDFLAG--102
Revision #: 1.0
Document Owner:
Date Last Updated: 11/03/2015
Primary Author:
Status: Approved
Date Originally Created: 12/14/2011

General Description

Information about confidential and sensitive information (CSI).


Delineation of policy and definitions.


All faculty, staff, students, and administrators

Responsibility: Administration
VP of Business and Finance


Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions: Additional training

Corrective Action


Loss of privilege, general

Staff members who knowingly and blatantly violate this policy may be terminated.


Policy Provisions

Definitions of Confidential and Sensitive Information (CSI)

Confidential and Sensitive Information includes, but is not limited to, the following identifiers whether contained in hard copy or electronic format.



Personal Information

1. Social Security Number

2. Social Insurance Number

3. Date of Birth

4. Mother’s Maiden Name

5. Driver’s License Information

6. Professional License Information

7. Paychecks, Pay stubs, Pay rates

8. Passport Information



Financial Information

1. Credit Card Numbers

2. Credit Card Expiration Dates

3. Credit Card CCV Numbers

4. Bank/Credit Union Account Numbers

5. Billing Information

6. Payment History



Medical Information

1. Medical Records

2. Doctor Names and Claims

3. Health, Life, Disability Insurance Policy Information

4. Prescription Information



Business Information

1. Federal ID Numbers

2. Proprietary Information

3. Trade Secrets

4. Business Systems

5. Security Systems

6. Employee Identifiers

7. Student Identifiers

8. Access Numbers / Passwords

9. Customer, Student, Patient Identifiers

10. Vendor Numbers

11. Account Numbers




An account is a body of information, or a record, or an individual, group, or entity that is kept for the purpose of transacting on an on-going basis with another individual, group, or entity. The terms “accounts” and “records” are used interchangeably because they share similar functions and characteristics. Both contain identifiable information on an individual, group, or entity. They each allow for access to products or services, and keep a history of transaction activity.



Covered Account

Both new and existing accounts where a continuing relationship exists between the University and an individual, group, or entity are considered “covered accounts.” There are two definitions.


1. An account that the University offers or maintains, primarily for personal, family, or household purposes, that involves or is designated to permit multiple payments or transactions. Examples include a credit card account, tuition and fee payment, bookstore purchases, and/or other financial transactions of matriculated and non-matriculated students and of employees.

2. Any other account that the University offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or mitigation risks.



Electronic or Soft Copy Format

Electronic or Soft Copy Format refers to any Confidential and Sensitive Information that exists electronically on CDs, DVDs, phones, computers, networks, portable devices, etc.



Hard Copy Format

Hard Copy Format refers to any Confidential and Sensitive Information that exists physically on paper.



Physical Access Zone

A physical access zone is a clearly defined physical or implied boundary established to control and limit access to CSI areas.



Red Flags

Red Flags are patterns, practices, or specific activities involving covered accounts that indicate the possible risk of identity theft.



Service Provider

A service provider is any individual, group, or entity that directly provides a service to the University or on behalf of the University for its customers or clients.



Spoken Word

Spoken Word refers to the transfer of Confidential and Sensitive Information verbally or audibly through electronic media.



Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Job Termination
Loss of privileges


Subject Experts
The following may be consulted for additional information.

VP of Business and Finance


This page created 11/03/2015 using Zavanta® version 7.3