Standard: Information and Data Classification
- All information and data, whether created or collected, is allocated a classification so that it is managed, use and secured in a manner appropriate to its importance and sensitivity.
- To ensure appropriate protection throughout its lifecycle, Data Domain Stewards are accountable for ensuring all information and data, within their data domain, is protected and classified when it is created, saved or completed, commensurate with its sensitivity and value.
- Data Domain Stewards are responsible for setting the information and data classification scheme for their data domain at the lowest reasonable level in accordance with the classification table below:
Negligible adverse impact to the University if disclosed
May cause minor/low impact on the reputation of the University, other organisation or an individual if disclosed
Would cause medium impact to the University, staff or students if disclosed
Would cause a high impact (significant risks or liabilities) to the University, staff or students if disclosed.
- Custodians are responsible for applying required and suggested safeguards to protect information and data in accordance with its classification.
- Producers and users are responsible for complying with this standard, and the Data Governance Policy.
- Each information and data classification requires different handling procedures that provide appropriate levels of protective security.
- Sensitive and Highly Sensitive Information and Data require special handling requirements, especially during electronic transmission and physical transfer.
- Data domain stewards, custodians, producers, and users need to ensure authorised access to Information and Data of different classification is appropriately managed.
- For further information regarding information and data management and security, refer to Information technology security policy and Acceptable use of information technology policy.
- Access may be given under relevant legislation such as Privacy, Archives, Freedom of Information, including restrictions as required under those Acts.
|Printable version (PDF)
|Information and data classification
|To operationalise the data governance policy and procedure through a framework of the University for assessing information and its sensitivity.
|Governance & Structure
|28 Oct 2022
|Next Review Date
|27 Oct 2023
|University Librarian and Director, Scholarly Information Services
|Library, Archives and University Records
Australian National University Act 1991
Archives Act 1983
Crimes Act 1914 (Cth)
Higher Education Support Act 2003
Electronic Transactions Act 1999
Education Services for Overseas Students Act 2000
Evidence Act 1995
Telecommunications Act 1997