wiki:policies:data
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
wiki:policies:data [2021/11/18 20:59] katcow |
wiki:policies:data [2024/01/24 21:30] (current) katcow |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Data Classification Policy ====== | ||
| + | |||
| ===== I. Purpose ===== | ===== I. Purpose ===== | ||
| Line 8: | Line 10: | ||
| ===== III. Data Classification Policy ===== | ===== III. Data Classification Policy ===== | ||
| - | |||
| - | Company data refers to information generated by or for, owned by, or otherwise in Nested Knowledge’s possession. Company data includes, but is not limited to, research data and business data. | ||
| === Public Data: === | === Public Data: === | ||
| - | Data classified as public may be disclosed to anyone, regardless of their affiliation with Nested Knowledge. Internal Data Internal data is information that is potentially sensitive and is not intended to be shared with the public. Internal data generally should not be disclosed outside of Nested Knowledge without the permission of the person or group that created the data. | + | Data classified as public may be disclosed to anyone, regardless of their affiliation with Nested Knowledge. |
| + | |||
| + | === Internal Data === | ||
| + | |||
| + | Internal data is information that is potentially sensitive and is not intended to be shared with the public. Internal data generally should not be disclosed outside of Nested Knowledge without the permission of the person or group that created the data. | ||
| === Confidential Data === | === Confidential Data === | ||
| Confidential data is information that, if made available to unauthorized parties, may adversely affect individuals, | Confidential data is information that, if made available to unauthorized parties, may adversely affect individuals, | ||
| + | |||
| + | Users are prohibited from sharing confidential information through the following means: | ||
| + | |||
| + | * sending to un-authorized websites, | ||
| + | * sending by phone messaging, WhatsApp, or similar technologies, | ||
| + | * posting on social media, such as Twitter | ||
| + | * uploading to removable media, such as USB devices. | ||
| + | |||
| + | Confidential information should be stored in secure, encrypted environments. Employees are prohibited from storing confidential information on their personal device filesystems. | ||
| === Loss of Confidentiality === | === Loss of Confidentiality === | ||
| Line 28: | Line 41: | ||
| * Personally identifiable health information that is not subject to HIPAA but used in research, such as Human Subjects Data. | * Personally identifiable health information that is not subject to HIPAA but used in research, such as Human Subjects Data. | ||
| - | * Personally Identifiable Information (PII), including an individual’s name plus the individual’s Social Security Number, driver’s license number, or a financial account number. | + | * Personally Identifiable Information (PII), including an individual’s name plus the individual’s Social Security Number, driver’s license number, or a financial account number. |
| + | * Unencrypted data used to authenticate or authorize individuals to use electronic resources, such as passwords, keys, and other electronic tokens. | ||
| * “Criminal Background Data” that might be collected as part of an application form or a background check. More stringent requirements exist for some types of Restricted Use data | * “Criminal Background Data” that might be collected as part of an application form or a background check. More stringent requirements exist for some types of Restricted Use data | ||
| + | |||
| + | __Nested Knowledge DOES NOT process any personal health information (PHI) or criminal background data. __ | ||
| + | |||
| + | ==== High-Risk Personal Data ==== | ||
| + | |||
| + | Potential high-risk data types we may encounter include the following: | ||
| + | |||
| + | * Information on employee health and/or disability status. | ||
| + | * Information on employee ethnicity, race, religion, sexuality, or political beliefs. | ||
| + | * User location data and online behavior | ||
| + | |||
| + | High-risk personal data fall under the same guidelines as restricted use data. | ||
| === Other Regulations === | === Other Regulations === | ||
| Line 40: | Line 66: | ||
| === Review and Update === | === Review and Update === | ||
| - | This data classification policy will be updated on an annual basis. The next update will be done in November 2022. | + | |
| + | This data classification policy will be updated | ||
| ===== Revision History ===== | ===== Revision History ===== | ||
| ^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
| - | |K. Cowie|11/18/2021|Draft completed| | + | |K. Cowie|01/ |
| - | |K. | | | | + | |K. Kallmes|11/19/ |
| + | |P. Olaniran|09/ | ||
| + | |K. Cowie|09/18/2022|Revisions approved| | ||
| + | |||
| + | [[: | ||
wiki/policies/data.1637269171.txt.gz · Last modified: 2021/11/18 20:59 by katcow
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
