Sensitive data, as defined in the UVA Policy IRM-003: Data Protection of University Information, are: data, records, and files that:
- may be withheld from release under the Virginia Freedom of Information Act (FOIA),
- are not public records,
- do not enable identity theft,
- are not protected health information (PHI).
Examples include information concerning the prevention of or response to cyber-attacks, or information that describes a security system used to control access to or use of an automated data processing or telecommunications system, or research records that do not contain Highly Sensitive Data, University ID numbers, i.e., those printed on University ID cards, and/or Family Educational Rights and Privacy Act-protected data not covered under the definition of “Highly Sensitive” data. This category of data also includes any data or record covered by the exemptions listed in the Commonwealth of Virginia Freedom of Information Act).