Data Classification
In order to make sure you handle, process, store, and access data correctly you will need to classify the data in question.
The below table will give guidance in classifying your data. For more information on data storage options please see our Data Storage Overview.
Quick Reference Grid for Data Classification
Full Data Classification, approved by Board, is in the Cloud Computing Policy.
Data Classification | Description of Data | Working Examples of Data | Storing, Accessing & Sharing this Data | |
---|---|---|---|---|
Non-Confidential | Public |
Such data is available for anyone to see. It is often made available to the public via the Trinity website. |
|
Data should be subjected to internal review before issuing. Access to this data is not usually restricted, i.e. a username and password are not required to access this data. Storage: any Trinity-operated service as this information is deemed publicly accessible. |
University Internal | Such data is generally available to all staff and students at Trinity. |
|
Access is usually restricted to members of Trinity. A username and password are required to access this data. This data should be stored in a service that has access control to internal users and requires a password for individual access. Storage: OneDrive, SharePoint Online, Teams, NAS, Trinity Computers and mobile devices |
|
Confidential | Restricted |
This is data that is usually not made available to all staff, and which could result in legal action, reputational damage or financial loss.
|
|
Access to this data is restricted to the people that are entitled to use it. But generally, this will be a large number of staff and the data is not as confidential or sensitive as the critical data described below. A username and password are required to access this data. This data should be stored in a service that has access control specified to certain users or groups (i.e. department, school list) and requires a password for individual access.
Storage: OneDrive, SharePoint Online, Teams, NAS, Trinity Computers and mobile devices |
Critical |
Inappropriate use of this information could result in legal action, financial loss, and severe reputational damage to Trinity.
|
|
Access to such data is tightly controlled, with only a few individual users being entitled to see or use the data. Critical data is generally stored in purpose-built applications, often in an encrypted format, even within internal security systems. Storage: Research Databases, Admin Databases under specific design eg: SITS, CORE |
* Personal Data: Data relating to a living individual who is or can be identified from the data, including Name, Address, ID Number, CCTV Footage, Student Records, and Personnel Records.
** Confidential Business Data: Commercially Sensitive data for which we have an institutional obligation to protect, including high-value data that comprise intellectual property for research projects, commercial / employment contracts, and confidential meeting minutes.
*** Sensitive Personal Data: Physical or mental health, Racial origin, Political opinions, Religious or other beliefs, Sexual life, Criminal convictions, Payroll records, Bank account details, Biometric data, and Trade Union membership.