Using

decorative

This includes but is not limited to: 

  • enter data, digitize, transcribe, translate;
  • check, validate, filter and clean data;
  • anonymize data where necessary;
  • describe data;
  • manage data;
  • interpret data;
  • statistical analysis;
  • derive data.

Use the data classification definitions found here to help you through this process.

Select which class of data you are working with:

Confidential Data

Action: Emailing information or attachments, or mailing documents via campus mail or campus email

  • Treatment - Print: No classification marking on external envelope required, but the internal envelope should be labeled "Confidential".
  • Treatment - Electronic: Label as "Confidential" in the subject line.  Not permitted unless the confidential data (content of email and/ or attachment) is encrypted, without password included.  Please refer to this Cybersmart page for more details on encryption.  Email and associated attachments must be stored in a location and format in which privacy is protected (and in accordance to this Data Classification Standard).  

Action: Emailing information or attachments, or mailing documents via external mail carriers (Canada Post, DHL, etc.) or through the Internet (sending from Western's email service to outside addresses)

  • Treatment - Print: No classification marking on external envelope required but internal envelope should be labeled "Confidential".  Confirmation of receipt is required as legally madated.
  • Treatment - Electronic: Label as "Confidential" in the subject line.  Not permitted unless the confidential data (content of email and/or attachment) is encrypted, without password included.  Please refer to this Cybersmart page for more details on encryption.  Email and associated attachments must be stored in a location and format in which privacy is protected (and in accordance to this Data Classification Standard).

Action: Emailing information or attachments, using your own external email account (GMAIL, Yahoo, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: Not permitted.  University employees are expected to use university provided email facilities for the transmission of work related email.  Futher, email and associated attachments must be stored in a location and format in which privacy is protected (and in accordance with this Data Classification standard). 

Action: Transmitting information via Social Media (Twitter, LinkedIn, Facebook, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: Not permitted.

Action: Adhere to MAPP 1.13 - Code of Behaviour for Use of Computing Resources and Corporate Data Policy

  • Treatment - Print: Ensure that documents are not left in areas where unauthorized people can gain access
  • Treatment - Electronic: Adhere to safe computing practices (do not let unauthorized people see your screen).

Action: Audit process

  • Treatment - Print: Audit your access processes regularly, referring to the data classification process for guidance.
  • Treatment - Electronic: Audit your access process regularly, referring to this data classification process for guidance. 

Action: Printing hard copy of data

  • Treatment - Print: Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.
  • Treatment - Electronic: N/A

Action: Auditing access activity

  • Treatment - Print: Log all necessary access attempts defined by policy or business requirements; System Custodians shall review all access violation attempts and notify Data Steward and/ or Information Security Office of any suspicious or abnormal activity.  Refer to procedures for reporting incidents:
  • Treatment - Electronic: Log all necessary access attempts defined by policy or business requirements; System Custodians shall review all access violation attempts and notify Data Steward and/ or Information Security Office of any suspicious or abnormal activity.  Refer to procedures for reporting incidents:

Sensitive Data

Action: Emailing information or attachments, or mailing documents via campus mail or campus email

  • Treatment - Print: No classification marking on external envelope required but internal envelope should be labeled "Sensitive".  Must be in a permanently sealed envelope possibly within a reusable campus mail envelope.
  • Treatment - Electronic: Label as "Sensitive" in the subject line.  Encryption, without password included, is suggested.  Access controls required.  Please refer to this Cybersmart page for more details on encryption.  Email and associated attachments must be stored in a location and format in which privacy is protected (in accordance with this Data Classification standard).

Action: Emailing information or attachments, or mailing documents via external mail carriers (Canada Post, DHL, etc.) or through the Internet (sending from Western's email service to outside addresses)

  • Treatment - Print: No classification marking on external envelope required but internal envelope should be labeled "Sensitive".
  • Treatment - Electronic: Label as "Sensitive" in the subject line.  Encryption, without password included, is suggested.  Access controls required.  Please refer to this Cybersmart page for more details on encryption or contact ciso@uwo.ca.  Email and associated attachments must be stored in a location and format in which privacy is protected (in accordance with this Data Classification standard).

Action: Emailing information or attachments, using your own external email account (GMAIL, Yahoo, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: Not permitted.  University employees are expected to use university provided email facilities for the transmission of work related email.  Further, email and associated attachments must be stored in a location and format in which privacy is protected (and in accordance with this Data Classification standard).

Action: Transmitting information via Social Media (Twitter, LinkedIn, Facebook, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: Not permitted.

Action: Adhere to MAPP 1.13 - Code of Behaviour for Use of Computing Resources and Corporate Data Policy

  • Treatment - Print: Ensure taht documents are not left in areas where unauthorized people can gain access.
  • Treatment - Electronic: Adhere to safe computing practices (do not let unauthorized people see your screen).

Action: Audit process

  • Treatment - Print: Audit your access processes regularly, referring to this data classification process for guidance.  
  • Treatment - Electronic:  Audit your access process regularly, referring to this data classification process for guidance.  

Action: Printing hard copy of data

  • Treatment - Print: Unattended printing permitted only if physical access controls are used to prevent unauthorized viewing.
  • Treatment - Electronic: N/A

Action: Auditing access activity

  • Treatment - Print: Log all violation attempts; System Custodian reviews as appropriate.
  • Treatment - Electronic: Log all violation attempts; System Custodian reviews as appropriate.

Public Data

Action: Emailing information or attachments, or mailing documents via campus mail or campus email

  • Treatment - Print: No special requirements
  • Treatment - Electronic: No special requirements

Action: Emailing information or attachments, or mailing documents via external mail carriers (Canada Post, DHL, etc.) or through the Internet (sending from Western's email service to outside addresses)

  • Treatment - Print: No special requirements
  • Treatment - Electronic: No special requirements

Action: Emailing information or attachments, using your own external email account (GMAIL, Yahoo, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: University employees are expected to use university provided email facilities for the transmission of work related email.  Please refer to Western's Email Policy - MAPP 1.45.

Action: Transmitting information via Social Media (Twitter, LinkedIn, Facebook, etc.)

  • Treatment - Print: N/A
  • Treatment - Electronic: No special requirements

Action: Adhere to MAPP 1.13 - Code of Behaviour for Use of Computing Resources and Corporate Data Policy

  • Treatment - Print: No special requirements
  • Treatment - Electronic: No special requirements

Action: Audit process

  • Treatment - Print: Audit your access processes regularly, referring to this data classification process for guidance. 
  • Treatment - Electronic: Audit your access processes regularly, referring to this data classification process for guidance.

Action: Printing hard copy of data

  • Treatment - Print: No special requirements
  • Treatment - Electronic: No special requirements

Action: Auditing access activity

  • Treatment - Print: No special requirements
  • Treatment - Electronic: No special requirements

Published on  and maintained in Cascade CMS.