Data Classification Standard

Data Classification is the method to identify the sensitivity of data. The classification is determined by the inherent risks to a person or the institution from a breach or wrongful disclosure of the data.

A breach or wrongful disclosure of data can adversely affect people and impact our core mission. You are required under the Digital Information Security Policy to exercise due diligence when handling Institutional or personal information. The degree of due diligence and data handling practices are selected according to the classification of the data in your care; Confidential, Internal or General data.

This page includes the following sections:

    Classifications - list of classifications and impact
    Using the Classifications - how to classify data 

    Data Handling Instructions - how to protect data while in your care
        General Instructions 
        Special Instructions


Classifications

GENERAL - Minor (1) Impact

Information published or promoted for the public or is already publicly available.

 

Data Examples
  • data publicly available about a person or organization
  • blank resources, templates, forms, and applications
  • pre-enrollment course information (e.g. curriculum, fees, learning outcomes)
  • compensation schemes and benefits programs
  • organizational charts
  • open or publically accessible data
  • highly aggregated, de-identified data 
  • research publication or published analysis
  • data about the resource owner or copyright holder
  • service catalog
  • published reports, documents, and information

Exercise reasonable care to safeguard the integrity and availability of information.
See Handling Instructions

 

Risk

Limited negative media coverage, disruption, and embarrassment after information on a Faculty鈥檚 main website was accidentally changed.

 

INTERNAL - Moderate (2) Impact

Information required for an internal business process, operational decision, or proprietary to Queen鈥檚 or a member.

 

Data Examples
  • queen's issued identification (e.g. NetID, student and employee number, personal contact information, age)
  • medical notes
  • data involving hazardous materials
  • employment contracts, performance, evaluations, and assessments. 
  • audit or assessment findings and mitigations
  • compliance activities and reports
  • insurance claims
  • draft or unpublished documents, research, projects, and data
  • digital authenticators (e.g. passwords. pins, tokens, fobs)
  • diagrams for network, architecture, technical design, and configurations
  • system logs and transactional diagrams
  • source code
  • risk registers
  • location of building security (e.g. keys, access codes, lock combinators, morgue, security cameras)
  • market research

Exercise vigilance to safeguard the privacy, integrity, and availability of the information.
See Handling Instructions

 

Risk

Sustained operational disruption, risk of a small fine or reduced funding, academic forgery, and extortion threats after information containing exam material for a Faculty was stolen.

 

CONFIDENTIAL - Major (3) Impact

Information about a student, a person鈥檚 health or wellness, trade secret, or other highly sensitive information often governed by legislation (e.g. Freedom of Information and Protection of Privacy Act, Personal Health Information Protection Act) or legal agreement (e.g. CHIR, PCI), or for which a person may feel is private.

 

Data Examples
  • government-issued identification (e.g. health card, driver's license, passport)
  • medical files, tests, and results
  • student evaluation, progression, and reports
  • student's application, fees, loans
  • employee's salary
  • employee evaluation and disciplinary actions
  • medical or accommodations
  • sensitive or high profile incidents (e.g. privacy breach)
  • data assets containing personal identifiers
  • payment card data
  • private donations
  • public key infrastructure
  • source code owned by Queen's

Exercise judicious care as prescribed in law, third-party arrangement, or other legal agreement.
See Handling Instructions

 

Risk

Withdrawal of research funding, widespread negative media coverage, Identity theft, fraud, sanctions, or other legal actions after large volumes of information containing government identification, account passwords, and banking a major data breach or wrongful disclosure of personal government identification and account password.

Top of page 鈫

 


 

Using the Classifications

Information is a significant institutional asset and valuable to people thereby imperative it is appropriately handled in a manner to minimize the potential adverse impact (Minor, Moderate, Major) on a person or to the institution from a breach of wrongful disclosure of the data.

Governing policy 鈥 Digital Information Security Policy

Steps Guidance
Step 1 - Familiarize yourself with the definitions of each classification. Decide if a classification is only needed for the record or will be assigned to specific content.
You may assign a classification to specific content in a record if you can control access to the content. If this is the case then the classification for the record would be the classification of the most sensitive content.
Step 2 - Compare types of data in the information record with the data examples to determine if the record contains sensitive data (Internal or Confidential data).
(i) Internal and Confidential data are both sensitive however Confidential is considered more sensitive than Internal data because a breach or wrongful disclosure of this type of data has the potential for a broader impact on a person or the institution.
(ii) When sensitive data is in aggregate form, de-identified, anonymized, and sanitized then it may be classified as GENERAL. For example, a report about the average age of 1000 graduate students includes each students' name and date of birth (personal information). By removing the personal information, the aggregated information record would be classified as General.
Step 3 - Handle the information record according to the Instructions by classification.  
Step 4 - Periodically review the classification of information records for which you are responsible.
Guidance
(i) The classification of an information record may change over time (e.g. a change to policy or legislation) or become more sensitive when combined with other information records. In some cases, aggregation of large quantities of information records can reveal sensitive patterns and/or plans and may facilitate access to systems. Typically, the sensitivity of information records is likely to be greater in combination than in isolation (e.g. association of a bank account with the identity of one employee or all employees).
(ii) Members responsible for technology (e.g. System Owner, Business Owner) should maintain an inventory of the types of sensitive data processed, stored, or transmitted by the technology. The inventory should include the type of data by the record, volume of records, storage location, and a backup plan in the event the record is lost.

 

Data Handling Instructions

GENERAL INSTRUCTIONS

  • A classification is assigned to information or a collection of information.
  • The classification is an attribute of information (metadata) and is managed along with the information.
  • Access to information is appropriate for the recipient; and applicable for the intended purpose.
  • Electronic information is encrypted when transmitted.
  • Access to information is revoked when it is no longer required for the intended purpose, change in role or function, and when named members leave the university.

SPECIAL INSTRUCTIONS

Access, Sharing, Disclosing

Security practices for access, authentication, and access monitoring. It is customary to ensure the context and information record are applicable and appropriate for whom you are sharing it.

 

Guidance
(i) Assign application-level permissions (e.g. view, edit, delete) to each account prior to use.
(ii) Accounts may be assigned to one or more functional role(s) used to manage application-level permissions assigned to the account. The use of role-based access control should be based on a cost/risk analysis.
(iii) When feasible, access to an end-user device should require a secret key (e.g. password, biometric).
Access, Sharing, or Disclosing Information is:
 
Confidential Internal General
  • Based on a demonstrated 鈥榥eed to know鈥 and with approval from the Information Steward, information owner, Unit Head or Risk Owner; or by legal order,
  • Authorized to an individual who signed an applicable Confidentiality and Non-Disclosure agreement,
  • Attributable to the individual,
  • Limited to the least possible information, and
  • Granted to an individual(s) whose identity is verified using two (2) different identifiers being something one knows, something one has, or who one is.
  • Based on a demonstrated 鈥榥eed to know鈥 and with approval from the Unit Head or Risk Owner; or by legal order,
  • Authorized to an individual(s), or unit of individuals who signed an applicable Confidentiality and Non-Disclosure agreement,
  • Attributable to the individual, and
  • granted to an individual whose identity is verified using two (2) different identifiers being something one knows, something one has, or who one is.
  • Encouraged for information discoverable in the public domain; otherwise,
  • With approval from the Information Steward or the information owner,
  • Attributable to the individual, and
  • granted to an individual whose identity is verified using two (2) identifier(s) being something one knows, something one has, or who one is.
 
Access to Information is Routinely Monitored:
Confidential Internal General
  • To verify an individual鈥檚 access is appropriate and the assigned permissions (view, share, change, delete, or archive information) are applicable.
  • Events about who did what with what data are recorded.
  • The recorded information may include geographic location, identifying particulars and behavioral biometrics (e.g. facial image, keystrokes, voiceprints), source/destination IP address, NetID, name, data action, date\time, technology configuration or settings, system-generated messages, and identifiers,
  • Events are reviewed at a frequency that considers the level of risk associated with an event (CIRP),
  • The type (full or partial), frequency, scope, and breadth of monitoring is based on the level of risk to a person or the institution from an incident, public data breach, and threats to the information
  • Access review occurs at least every three (3) years.
  • An access review (who can do what with information) is conducted every 3 years or more frequently based on an assessment of risk to information following a breach or wrongful disclosure of the data.
  • Review findings exceeding the institution鈥檚 tolerance, as determined by a unit Risk Owner, are corrected in a reasonable timeframe.
 

 

Electronic Messaging (e.g. e-mail, chat, text)

Security Practices for mailing or electronically transmitting information records.

 

Guidance
i. Send a link to information record in a collaboration or storage service (e.g. Teams, OneDrive) instead of including the information record in the message body or as an e-mail attachment. The recipient will be required to log-in to the collaboration service prior to accessing the information record.
ii. When collaborating on information records, use a Queen's collaboration service to ensure the information record is encrypted while in use.
iii. Use the Queen's E-Mail Service (Microsoft Outlook) to ensure the message is encrypted when sent to another Queen's e-mail account.
iv. Use the 'sensitivity level' feature in Microsoft office and collaboration tools to easily label information records.
v. It is customary to ensure the context and information record you are sending is applicable and appropriate for the receiving audience.
Electronic Messaging (e.g. e-mail, chat, text)
Confidential Internal General
  • Verify you have the correct contact information before sending.
  • Include 鈥淩ead鈥 receipt as appropriate.
  • Label the message 鈥淐onfidential鈥.
  • Provide the least information in the message body.
  • Send a link to the information when it is shared.
  • Include the classification in the message with its classification.
  • A reasonable level of care is followed.

 
Phone or Voice Mail
Confidential Internal General
  • The person's identity is verified prior to discussing the information.
  • Only contact information is left on a voice mail.
  • Never share with an unsolicited caller.
  • Verify you are speaking with the correct person
  • A reasonable level of care is followed.

Interoffice Mail
Confidential Internal General
  • Enclose the record in a sealed envelope, addressed to the recipient, labeled as 鈥淧ersonal and Confidential鈥, and include a return address.
  • Enclose the sealed envelope in an inter-office envelope addressed to the recipient.
  • The context of the data is appropriate and applicable to the recipient.
  • A reasonable level of care is required.

Postal Mail
Confidential Internal General
  • Use authorized courier service or registered mail only.
  • Enclose the record in a sealed envelope, addressed to the recipient, labeled 鈥淧ersonal and Confidential鈥, and include a return address.
  • Enclose the sealed envelope in another envelope, addressed to the recipient with your return address.
  • Enclose the record in a sealed envelope, addressed to the recipient with your return address, and labeled Personal
 

Fax
Confidential Internal General
  • Use other methods whenever possible. Avoid sending by fax.
  • Obtain approval from the recipient to send by fax.
  • Take reasonable care in dialing
  • Use a cover sheet indicating the name of the recipient, "Personal and Confidential", whom to contact if undelivered and how to destroy the information record.
  • Require a receipt notice
  • Confirm with the recipient the fax was received.
  • Use other methods whenever possible. Avoid sending by fax.
  • Obtain approval from the recipient to send by fax.
  • Take reasonable care in dialing
  • Use a cover sheet indicating the name of the recipient, "Personal", whom to contact if undelivered and how to destroy the information record.
  • Require a receipt notice
  • Confirm with the recipient the fax was received.
  • A reasonable level of care is required.

Print
Confidential Internal General
  • Use a secure print function that requires a secret key to access the job.
  • Never leave copies unattended at a printer.
  • Double-check the recipient's address prior to scanning. Refer to Information record Transmission for e-mail instructions.
  • When using a shared printer or a printer in a public space, use a secure print function that requires a secret key to access the job.
  • Never leave copies unattended at a printer.
  • Double-check the recipient's address prior to scanning. Refer to Information record Transmission for e-mail instructions.
 

 

 

Data Storage

The following instructions apply when storing an information record. There are no specific requirements for GENERAL information.

 

Guidance
i. Store electronic information records in a Queen鈥檚 storage services (e.g. Teams, OneDrive, network file share). The information record will automatically be encrypted and backed up.
ii. Use the 'sensitivity level' feature in Microsoft office and collaboration tools to easily label information records.
iii. Use the Queen's E-Mail Service (Microsoft Outlook) to ensure the message is encrypted when sent to another Queen's e-mail account.
iv. When feasible, access to an end-user or storage device should require a secret key (e.g. password, biometric).
Paper Records
Confidential Internal
  • Information is stored in a Queen鈥檚 storage environment (e.g. network file share, Teams).
  • Store information records in an access-controlled location (e.g. non-public area with restricted access, locked office), a secure filing cabinet (e.g. pick-proof lock, fire retardant), or safe with a combination lock
  • Label the information record as "Confidential"
  • Information records shall be kept in an access-controlled location (e.g. non-public area with restricted access, locked office), a secure filing cabinet (e.g. pick-proof lock, fire retardant), or safe.
  • This includes devices used to store, process, or transmit information records as well as information records waiting to be disposed of.
  • Label the information record as Internal.

Digital Records
Confidential Internal
  • Encrypt or otherwise protect the information record with a secret key (e.g. password).
  • Do not store the secret key in the same file location as the protected document.
  • Label the information record as "Confidential".
  • Store the information record on devices and services evaluated by Queen's as suitable for highly sensitive information records.
  • Encrypt or otherwise protect the information record with a secret key (e.g. password).
  • Do not store the secret key in the same file location as the protected document.
  • Label the information record as "Internal".
  • Store the information record in services evaluated by Queen's as suitable for operationally sensitive information records.

 

Information Record Disposal

The following instructions are applicable when information record under your care is no longer required for an administrative or academic activity and according to its record retention schedule. There are no specific requirements for GENERAL information.

 

Guidance
i. Dispose of used devices, media, or other electronics in accordance with the Queen's e-waste service. This service adheres to most all legal requirements for the destruction of information records. Please respect the environment.
Paper Records
Confidential Internal
  • Shred or store in an access-controlled location to be shredded by a Queen's authorized vendor.
  • Shred or store in an access-controlled location to be shredded by a Queen's authorized vendor.
Digital Records
Confidential Internal
  • Delete files if the Queen's issued device (e.g. laptop, server) or media (e.g. USB key, DVD) will be re-used by the same unit for similar activities otherwise, shred the device or media.
  • Empty the "Recycle Bin"(s) after deleting.
  • Delete files.
  • Empty the "Recycle Bin"(s) after deleting.

Top of page 鈫