Data Classification

In order to make sure you handle, process, store, and access data correctly you will need to classify the data in question.

The below table will give guidance in classifying your data. For more information on data storage options please see our Data Storage Overview.

Quick Reference Grid for Data Classification

Full Data Classification, approved by Board, is in the Cloud Computing Policy.

Data Classification Description of Data  Working Examples of Data Storing, Accessing & Sharing this Data
Non-Confidential Public

Such data is available for anyone to see.

It is often made available to the public via the Trinity website.

  • Course names
  • Module names
  • Prospectus
  • Brochures
  • Department contact details
  • Staff names and internal phone extensions

Data should be subjected to internal review before issuing.

Access to this data is not usually restricted, i.e. a username and password are not required to access this data.

Storage: any Trinity-operated service as this information is deemed publicly accessible.

  University Internal Such data is generally available to all staff and students at Trinity.
  • General meeting minutes.
  • Day to day activities and communications
  • Project-related memos, and information circulated to staff which is not intended as public material.
  • Academic statistics

Access is usually restricted to members of Trinity.

A username and password are required to access this data.

This data should be stored in a service that has access control to internal users and requires a password for individual access.

Storage: OneDrive, SharePoint Online, Teams, NAS, Trinity Computers and mobile devices

Confidential Restricted

This is data that is usually not made available to all staff, and which could result in legal action, reputational damage or financial loss.

  • Personal data.*
  • Confidential business data and information**
  • Documents are subject to Data Protection Legislation.
  • Confidential memos.
  • Confidential information related to Research or Funding.
  • Management decisions
  • Detailed budgets or financial reports
  • Interview Packs
  • Routine financial transactions

Access to this data is restricted to the people that are entitled to use it. But generally, this will be a large number of staff and the data is not as confidential or sensitive as the critical data described below.

A username and password are required to access this data.

This data should be stored in a service that has access control specified to certain users or groups (i.e. department, school list) and requires a password for individual access.

 

Storage: OneDrive, SharePoint Online, Teams, NAS, Trinity Computers and mobile devices

  Critical

Inappropriate use of this information could result in legal action, financial loss, and severe reputational damage to Trinity.

  • Sensitive personal data***
  • Sensitive business data and information
  • Information relating to the mental and physical health of individuals.
  • Data is subject to a confidentiality clause.
  • Medical Research.
  • Financial data such as bank account numbers.
  • Biometric identification data.
  • Disciplinary details
  • Exam papers

Access to such data is tightly controlled, with only a few individual users being entitled to see or use the data.

Critical data is generally stored in purpose-built applications, often in an encrypted format, even within internal security systems.

Storage: Research Databases, Admin Databases under specific design eg: SITS, CORE

* Personal Data: Data relating to a living individual who is or can be identified from the data, including Name, Address, ID Number, CCTV Footage, Student Records, and Personnel Records.

** Confidential Business Data: Commercially Sensitive data for which we have an institutional obligation to protect, including high-value data that comprise intellectual property for research projects, commercial / employment contracts, and confidential meeting minutes.

*** Sensitive Personal Data: Physical or mental health, Racial origin, Political opinions, Religious or other beliefs, Sexual life, Criminal convictions, Payroll records, Bank account details, Biometric data, and Trade Union membership.

Related pages