Purpose

Classifying your data helps you determine how your data should be accessed, handled, stored, and shared, as well as the risk associated with the data. This step allows you to determine which computational and storage solutions are best suited to your task, project, or backups.

Audience

Contents

Initial considerations

Applicable legislation, regulations, policies, data sharing or material transfer agreements, etc.

• Is your data or your obligation to protect it covered by other binding documents or contracts?

Privacy legislation (FIPPA, PHIPA, GPDR, etc.)

• Contact the FIPP office regarding how your data should be classified.

  • https://governingcouncil.utoronto.ca/fipp

Ethics protocols

• Contact the relevant oversight and compliance unit regarding your how your data should be protected.

  • https://research.utoronto.ca/ethics-human-research/ethics-human-research

  • https://research.utoronto.ca/ethics-animal-research-teaching/ethics-animal-research-teaching

Agreements (Data sharing [DSA], material sharing [MTA], etc.)

• Contact the relevant contract and agreements office regarding sponsor or data providing requirements.

  • https://research.utoronto.ca/research-innovation-agreements/research-innovation-agreements

 What can I do?

Consult the University’s Data Classification Standard.

• https://security.utoronto.ca/framework/standards/data-classification/

• This standard helps to classify data according to four levels which take into account the data’s importance, sensitivity and potential for misuse. Data classification is a foundational step in determining how data should be protected.

Level 4

• Highly sensitive, non-public data.

Level 3

• Confidential, non-public data.

Level 2

• Non-confidential, non-public (internal) data.

Level 1

• General access, public data.