Data Classification is the method to identify the sensitivity of data. The classification is determined by the inherent risks to a person or the institution from a breach or wrongful disclosure of the data.
A breach or wrongful disclosure of data can adversely affect people and impact our core mission. You are required under the Digital Information Security Policy to exercise due diligence when handling Institutional or personal information. The degree of due diligence and data handling practices are selected according to the classification of the data in your care; Confidential, Internal or General data.
This page includes the following sections:
Classifications - list of classifications and impact
Using the Classifications - how to classify data
Data Handling Instructions - how to protect data while in your care
General Instructions
Special Instructions
Classifications
GENERAL - Minor (1) Impact
Information published or promoted for the public or is already publicly available.
- data publicly available about a person or organization
- blank resources, templates, forms, and applications
- pre-enrollment course information (e.g. curriculum, fees, learning outcomes)
- compensation schemes and benefits programs
- organizational charts
- open or publically accessible data
- highly aggregated, de-identified data
- research publication or published analysis
- data about the resource owner or copyright holder
- service catalog
- published reports, documents, and information
Exercise reasonable care to safeguard the integrity and availability of information.
See Handling Instructions
Limited negative media coverage, disruption, and embarrassment after information on a Faculty’s main website was accidentally changed.
INTERNAL - Moderate (2) Impact
Information required for an internal business process, operational decision, or proprietary to Queen’s or a member.
- queen's issued identification (e.g. NetID, student and employee number, personal contact information, age)
- medical notes
- data involving hazardous materials
- employment contracts, performance, evaluations, and assessments.
- audit or assessment findings and mitigations
- compliance activities and reports
- insurance claims
- draft or unpublished documents, research, projects, and data
- digital authenticators (e.g. passwords. pins, tokens, fobs)
- diagrams for network, architecture, technical design, and configurations
- system logs and transactional diagrams
- source code
- risk registers
- location of building security (e.g. keys, access codes, lock combinators, morgue, security cameras)
- market research
Exercise vigilance to safeguard the privacy, integrity, and availability of the information.
See Handling Instructions
Sustained operational disruption, risk of a small fine or reduced funding, academic forgery, and extortion threats after information containing exam material for a Faculty was stolen.
CONFIDENTIAL - Major (3) Impact
Information about a student, a person’s health or wellness, trade secret, or other highly sensitive information often governed by legislation (e.g. Freedom of Information and Protection of Privacy Act, Personal Health Information Protection Act) or legal agreement (e.g. CHIR, PCI), or for which a person may feel is private.
- government-issued identification (e.g. health card, driver's license, passport)
- medical files, tests, and results
- student evaluation, progression, and reports
- student's application, fees, loans
- employee's salary
- employee evaluation and disciplinary actions
- medical or accommodations
- sensitive or high profile incidents (e.g. privacy breach)
- data assets containing personal identifiers
- payment card data
- private donations
- public key infrastructure
- source code owned by ֱ
Exercise judicious care as prescribed in law, third-party arrangement, or other legal agreement.
See Handling Instructions
Withdrawal of research funding, widespread negative media coverage, Identity theft, fraud, sanctions, or other legal actions after large volumes of information containing government identification, account passwords, and banking a major data breach or wrongful disclosure of personal government identification and account password.
Using the Classifications
Information is a significant institutional asset and valuable to people thereby imperative it is appropriately handled in a manner to minimize the potential adverse impact (Minor, Moderate, Major) on a person or to the institution from a breach of wrongful disclosure of the data.
Governing policy – Digital Information Security Policy
Steps | Guidance |
---|---|
Step 1 - Familiarize yourself with the definitions of each classification. Decide if a classification is only needed for the record or will be assigned to specific content. |
You may assign a classification to specific content in a record if you can control access to the content. If this is the case then the classification for the record would be the classification of the most sensitive content.
|
Step 2 - Compare types of data in the information record with the data examples to determine if the record contains sensitive data (Internal or Confidential data). |
(i) Internal and Confidential data are both sensitive however Confidential is considered more sensitive than Internal data because a breach or wrongful disclosure of this type of data has the potential for a broader impact on a person or the institution.
(ii) When sensitive data is in aggregate form, de-identified, anonymized, and sanitized then it may be classified as GENERAL. For example, a report about the average age of 1000 graduate students includes each students' name and date of birth (personal information). By removing the personal information, the aggregated information record would be classified as General. |
Step 3 - Handle the information record according to the Instructions by classification. | |
Step 4 - Periodically review the classification of information records for which you are responsible. |
Guidance
(i) The classification of an information record may change over time (e.g. a change to policy or legislation) or become more sensitive when combined with other information records. In some cases, aggregation of large quantities of information records can reveal sensitive patterns and/or plans and may facilitate access to systems. Typically, the sensitivity of information records is likely to be greater in combination than in isolation (e.g. association of a bank account with the identity of one employee or all employees).
(ii) Members responsible for technology (e.g. System Owner, Business Owner) should maintain an inventory of the types of sensitive data processed, stored, or transmitted by the technology. The inventory should include the type of data by the record, volume of records, storage location, and a backup plan in the event the record is lost. |
Data Handling Instructions
GENERAL INSTRUCTIONS
- A classification is assigned to information or a collection of information.
- The classification is an attribute of information (metadata) and is managed along with the information.
- Access to information is appropriate for the recipient; and applicable for the intended purpose.
- Electronic information is encrypted when transmitted.
- Access to information is revoked when it is no longer required for the intended purpose, change in role or function, and when named members leave the university.
SPECIAL INSTRUCTIONS
Access, Sharing, Disclosing
Security practices for access, authentication, and access monitoring. It is customary to ensure the context and information record are applicable and appropriate for whom you are sharing it.
(ii) Accounts may be assigned to one or more functional role(s) used to manage application-level permissions assigned to the account. The use of role-based access control should be based on a cost/risk analysis.
(iii) When feasible, access to an end-user device should require a secret key (e.g. password, biometric).
Confidential | Internal | General |
---|---|---|
|
|
|
Confidential | Internal | General |
---|---|---|
|
|
Electronic Messaging (e.g. e-mail, chat, text)
Security Practices for mailing or electronically transmitting information records.
ii. When collaborating on information records, use a ֱ collaboration service to ensure the information record is encrypted while in use.
iii. Use the ֱ E-Mail Service (Microsoft Outlook) to ensure the message is encrypted when sent to another ֱ e-mail account.
iv. Use the 'sensitivity level' feature in Microsoft office and collaboration tools to easily label information records.
v. It is customary to ensure the context and information record you are sending is applicable and appropriate for the receiving audience.
Confidential | Internal | General |
---|---|---|
|
|
|
Confidential | Internal | General |
---|---|---|
|
|
|
Interoffice Mail
Confidential | Internal | General |
---|---|---|
|
|
|
Postal Mail
Confidential | Internal | General |
---|---|---|
|
|
Fax
Confidential | Internal | General |
---|---|---|
|
|
|
Confidential | Internal | General |
---|---|---|
|
|
Data Storage
The following instructions apply when storing an information record. There are no specific requirements for GENERAL information.
ii. Use the 'sensitivity level' feature in Microsoft office and collaboration tools to easily label information records.
iii. Use the ֱ E-Mail Service (Microsoft Outlook) to ensure the message is encrypted when sent to another ֱ e-mail account.
iv. When feasible, access to an end-user or storage device should require a secret key (e.g. password, biometric).
Confidential | Internal |
---|---|
|
|
Digital Records
Confidential | Internal |
---|---|
|
|
Information Record Disposal
The following instructions are applicable when information record under your care is no longer required for an administrative or academic activity and according to its record retention schedule. There are no specific requirements for GENERAL information.
Confidential | Internal |
---|---|
|
|
Confidential | Internal |
---|---|
|
|