Texas A&M UniversityTechnology Services

Search this Site

Texas A&M University | Technology Services
Texas A&M UniversityTechnology Services

Understanding Data Classification for Research

Understanding data classifications for research is crucial. While a data set used may have a classification of “public”, after downloading that data set, and beginning to work with it, things can change.

What is Research Data?

Research data is defined in TAMU SAP 15.99.03.M1.03 "The Responsible Stewardship of Research Data". This SAP states that "...Research data is defined by the U.S. Office of Management and Budget (OMB) Circular A110/2CFR 215.36 as “the recorded factual material commonly accepted in the scientific community as necessary to validate research findings.” It includes recorded information produced in any form or media during a research investigation. Research data may consist of research notes, laboratory notebooks, textual information, numeric information, images, audio and video recordings, diagrams, instrumental readouts, photos, reports, publications, samples, materials and other recorded information necessary for the reconstruction and evaluation of reported results of research. It also includes the protocols, charts, graphs, and other information, events and processes that lead to results. Research data does not include “preliminary analyses, drafts of scientific papers, plans for future research, peer reviews or communications with colleagues.” The definition of “research data” may be more specific or expanded by specific federal regulations or sponsor requirements of individual sponsored agreements..."

University Data Classifications

At TAMU, research data can fall under three different university data classifications: "university-internal", "university-confidential", or "critical":

University-Internal Data

Data classified as university-internal data is information that may be accessed by eligible employees in the course of university business. This information is not generally created for or made available for public consumption, but it may be subject to public disclosure through the Texas Public Information Act or similar laws. Such data must be appropriately protected to ensure lawful release. Research data that falls under this classification are:

  • General research information.
  • Certain types of data associated with research activities, but outside the definition of research data: preliminary analyses, drafts of scientific papers, plans for future research, peer reviews or communications with colleagues.
  • Patent applications and work papers.

See TAMU Information Security Controls Catalog “University-Internal Data (DC-4)” for more.

University-Confidential Data

The university-confidential classification level is used for data that is restricted because of legal, ethical, or contractual constraints, and should not be accessed without specific authorization. Improper release of data in this category would have a significant adverse impact to the university. Data in this category is often specifically protected by federal or state law, and may be subject to state or federal breach notification requirements. Data in this category is generally not subject to release under open records laws. Research data that falls under this classification are:

  • Export controlled information covered under the International Traffic in Arms Regulation (ITAR) or Export Administration Regulations (EAR)
  • Human subject data and IRB-controlled research data
  • Most research data as defined by SAP 15.99.03.M1.03: “the recorded factual material commonly accepted in the scientific community as necessary to validate research findings.”

See TAMU Information Security Controls Catalog "University-Confidential Data (DC-5)" for more.

Critical Data

The critical data classification level is used for data that can likely result in criminal or civil penalties if inappropriately handled. This is the highest level of classification for data, and use is limited to explicitly designated individuals with a stringent business requirement. Data in this category is specifically protected by federal or state law, and is typically subject to exacting breach notification requirements. Data in this category is never subject to release under open records laws, but may still be released due to a legal discovery process or court order. Research data that falls under this classification are:

  • Information classified under the Atomic Energy Act of 1954.
  • Highly classified research.
  • Information covered by the Invention Secrecy Act of 1951.
  • Research information classified as Level 5 by an Institutional Review Board (IRB) or otherwise required to be stored or processed in a high security environment.

See TAMU Information Security Controls Catalog "Critical Data (DC-6)" for more.

Learn more about Data Classification

Last Modified: August 19, 2025