The Scope
The provisions of this policy apply to all data received, generated, or handled by public entities, regardless of their source, form, or nature. This includes paper records, meetings, communications via social media and applications, email messages, data stored on electronic media, audio or video tapes, maps, photographs, manuscripts, handwritten documents, or any other form of recorded data.
Key Principles of Data Classification
- Principle 1: The Default is Availability.
- Principle 2: Necessity and Proportionality.
- Principle 3: Timely Classification.
- Principle 4: Highest Level of Protection.
- Principle 5: Separation of Duties.
- Principle 6: Need-to-Know.
- Principle 7: Minimum Privileges.
Data Classification Levels
- Public Data: Data that can be shared within and outside the university, and its disclosure has a neutral or positive impact on the university.
- Restricted Data: Data that can only be shared within the university, not outside, and its disclosure does not negatively impact the university.
- Confidential Data: Data that is disclosed within a single department or project, and is moderately sensitive, and its disclosure may harm the university.
- Highly Confidential Data: Data shared with specific individuals, not redistributable or publishable to unauthorized persons, and its disclosure has a high impact on the university's reputation.
