Protection Level: Highest

It is important that you handle Restricted information with the greatest of care, and for legitimate business purposes only. Restricted information is afforded special protections in addition to the provisions within University policies, and is governed by state and federal law. 

Summary: Handling Restricted Information

Store (Data at Rest) Information must be secured*
Share (Data in Transit) Information must be secured*
Access Device must be password-protected
Physical (Hard) Copies

Identification: Mark documents as “Restricted”; Protection: Store documents in locked locations. Place printers and FAX machines in locked areas.

* Solutions to properly secure Restricted information include: encryption, access controls, multi-factor authentication, and network isolation.

Have Questions? Suspect a Compromise?

If you suspect that Restricted information may have been compromised, report your concern to the Help Desk immediately. State and Federal laws require that unauthorized access to certain Restricted information must be reported to the appropriate agency or agencies. All reporting of this nature must be done by or in consultation with the Office of the General Counsel. The Help Desk is also available to assist with any questions concerning the proper classification of Princeton information.

Always Restricted:

  • Social security numbers
  • Bank account numbers
  • Driver’s license numbers
  • State identity card numbers
  • Credit card numbers
  • Protected health information (as defined by HIPAA)