91福利

Skip to Main Content
You are now in the main content area

How to Classify the Data You Work With

With your help, 91福利 can minimize online threats.

All the data you work with at 91福利 can be categorized as either high, medium or low sensitivity, or public information. Here we compile an overview of each category and recommendations for treating data securely.

Infographic showing the difference between high, medium and low sensitivity data and public information. Long description below.

High - extremely confidential. Medium - confidential within 91福利. Low - generally available within 91福利 but not public. Public - anything readily available.

High sensitivity

What is it?

Data classified as high sensitivity is extremely confidential information that must be handled only by specific people for specific purposes. 

What are the risks?

Risks from a data breach may include physical or other serious harm to individuals or the university.

Examples of highly sensitive data

Health information

Credit card PINs or passcodes

Social insurance numbers (SIN)

Passport information

Driver鈥檚 license information

Sensitive research data

Systems documentation such as network diagrams, eHR or MyServiceHub database schema

Student and employee financial records

Employee-specific employment files

Medium sensitivity

Medium sensitivity

What is it?

Data classified as medium sensitivity is confidential within 91福利 and should be handled by specified groups of employees.

What are the risks?

Potential risks from a data breach may include harm to the university or individuals through moderate financial loss, damage to partnerships, reputation and intellectual property.

Examples of medium sensitivity data

Students numbers (in very small quantities)

Department budgets

Alumni contact information

Grades

Low sensitivity

Low sensitivity

What is it?

Data classified as low sensitivity is information generally available within 91福利 but not available on public-facing websites or otherwise publicly distributed.

What are the risks?

Potential risks from a data breach may include minor financial loss, reputational impact or inconvenience. 

Examples of low sensitivity data

Internal department reports and plans

Anonymized unpublished research information

Public information

Public information

What is it?

Data classified as public information is anything readily available for educational or general purposes.

What are the risks?

There are very little to no potential risks or harm if public information is accessed or released.

Examples of public information

Infographic showing examples of public information. Long description below.

Content published on the 91福利 website

Infographic showing examples of public information. Long description below.

Publications and journals

Three ways to limit data exposure

While it鈥檚 never possible to completely eliminate the risk of data exposure, you can do your best to reduce risk by asking yourself the following:

Do I need this data?

Information sensitivity can be reduced by masking details or by not collecting sensitive information if you don鈥檛 need it in the first place.

Do I need the data to appear in several documents?

Avoid creating unnecessary copies of sensitive information that will have to be safeguarded to the same degree as the original information.

Do I still need this data?

Keep information only for as long as necessary for its purposes.

What to do with unclassified data

If you鈥檙e unsure of your document鈥檚 sensitivity, it鈥檚 best to treat it as highly sensitive until it is classified. 91福利's Privacy Office can help you classify data and conduct a privacy impact assessment to determine risks and the right safeguards. Please contact fippa@torontomu.ca for guidance.