1 minute read
Table 3. Example of a Data Classification Schema
business strategies and development plans, business finances, employee records, and corporate board materials. Before establishing policies describing how these varied data types should be used and disclosed, it is best to classify them into high-level categories that provide a consistent framework when developing policies and procedures. Table 3 provides a sample classification schema, with examples of the types of documents that the classification comprises.
Table 3. Example of a Data Classification Schema
Advertisement
Classification Description Examples
Highly Sensitive Data Data that could easily be SSN, credit card number, mental used for financial fraud, or health informa�on, substance abuse could cause significant informa�on, sexually transmi�ed reputa�onal damage. infec�ons.
Sensitive Data Regulated data, or data that Health informa�on, clinical research could cause embarrassment data, insurance informa�on, to pa�ents or organiza�ons. human/employee data, board materials.
Internal Data
Public Data Data that are not considered sensi�ve, but should not be exposed publicly. Policies and procedures, contracts, business plans, corporate strategy and business development plans, internal business communica�ons.
All data that have been sani�zed and approved for distribu�on to the public with no restric�ons on use. Materials published on websites, presenta�ons, and research publica�ons.
4.M.B Data Use Procedures NIST FRAMEWKORK REF:
ID.GV-1 After data have been classified, procedures can be written that describe how to use these data based on their classification. Such procedures describe the processes of setting usage expectations and of labeling the information properly. These two functions are described further in the following paragraphs. Usage and disclosure: Based on the classification type, data use should be limited appropriately and disclosed using specific methods. Consider the procedures in Table 4.
43
