Information Classification

All College information, regardless of where it resides or what purpose(s) it serves, must be carefully and consistently protected throughout its life cycle based on its sensitivity and its importance to College operations.

All College information is categorized into one of four classifications:

Classification: Public
Description: Public data poses no risk to the College if made generally available.
Examples:
  • Faculty and staff directory information
  • Course catalogs
  • Published research data
  • Advertised jobs and tenders

Classification: Internal
Description: Internal data is available for use only inside the College, and sharing beyond the College community should be prohibited.
Examples:
  • Exam material
  • Procedures
  • Most contractual agreements
  • Information related to a regulator’s request

Classification: Confidential
Description: Confidential data is data whose loss, corruption or unauthorized disclosure would seriously harm the company’s reputation or business position, resulting in financial, reputational and legal loss.
Examples:
  • Most personal information
  • Organisational financial data
  • Exam results
  • Research data (containing personal information)
  • Unpublished intellectual property
  • Information related to a regulator’s investigation
  • Payment Credit card
  • Contractual agreements deemed confidential under FIPPA
  • Business unit-related process and procedure
  • ITS system design and configuration information

Classification: Restricted
Description: Restricted data is data whose loss, corruption or unauthorized disclosure would severely harm the company’s reputation or business position, resulting in severe financial, reputational and legal loss.
Examples:
  • Personal health information
  • Information related to children and young persons
  • Research data (containing personal and/or personal health information)
  • Mergers and acquisitions proceedings
  • Litigation privilege documents and communications

 

A breach of Sensitive information may result in the College undertaking voluntary or involuntary breach notification to affected individuals.

Examples include employee and student information, appeals and grievances, medical information, logical or physical architectures, third-party applied research data, accounting information, and information protected by legislation.

Sensitive information must be labelled as “Confidential”, must always be securely locked when in physical form or electronically protected when in electronic form, and must never be left unattended or unsecured. Sensitive information should never be stored on unencrypted portable media, such as USB drives or portable hard drives.

The College also holds highly sensitive medical-related Personal Health Information (PHI) within its medical, dental and therapy clinics, nursing and para-medicine programs, Centre for Students with Disabilities (CS), as well as various program intake processes. Should PHI be accidentally or deliberately disclosed, the College must undertake immediate, mandatory breach notification to affected individuals under the Personal Health Information Protection Act (PHIPA). This would likely cause a severe adverse effect on the College’s assets and reputation. For this reason, medical-related information must never be stored on portable media of any kind, including USB drives or portable hard drives.

Should you have any questions regarding information classification or safeguarding, please contact the Manager, Information Security at infosec@algonquincollege.com.