Classify data

Purpose

Classifying your data helps you determine how your data should be accessed, handled, stored, and shared, as well as the risk associated with the data. This step allows you to determine which computational and storage solutions are best suited to your task, project, or backups.

Audience

faculty researchers Admin staff IT staff

Initial considerations

Applicable legislation, regulations, policies, data sharing or material transfer agreements, etc.

Is your data or your obligation to protect it covered by other binding documents or contracts?

Privacy legislation (FIPPA, PHIPA, GPDR, etc.)

Contact the FIPP office regarding how your data should be classified.
- Freedom of Information and Protection of Privacy

Ethics protocols

Contact the relevant oversight and compliance unit regarding your how your data should be protected.
- Ethics in Human Research | VPRI
- Ethics in Animal Research & Teaching | VPRI

Agreements (Data sharing [DSA], material sharing [MTA], etc.)

Contact the relevant contract and agreements office regarding sponsor or data providing requirements.
- Research & Innovation Agreements | VPRI

What can I do?

Consult the University’s Data Classification Standard.

Data Classification Standard - Information Security at University of Toronto
This standard helps to classify data according to four levels which take into account the data’s importance, sensitivity and potential for misuse. Data classification is a foundational step in determining how data should be protected.

Level 4

Highly sensitive, non-public data.

Level 3

Confidential, non-public data.

Level 2

Non-confidential, non-public (internal) data.

Level 1

General access, public data.

Search

Additional help

General

Institutional Data Governance - U of T - IRDG

Freedom of Information and Protection of Privacy

Contact us | Information Security (IS)

Researchers

Research Information Security - Information Security at University of Toronto

Information Security Handbook