Poor data handling practices can leave the company open to customer contract breach, security breach, regulatory fines, negative impact on reputation, and market share loss.
       /\        restricted
      /--\
     /    \      confidential
    /------\
   /        \    controlled
  /----------\
 /            \  public
 --------------
Restricted
Data whose unauthorized disclosure may have serious adverse effects on the company’s reputation, resources, services, personnel, or customers, or data that carries with it proprietary, ethical, or privacy considerations.
Typically, this includes data protected under governmental regulations (federal, state or international).
Examples:
- Customer or user PII (personally identifiable information), including PII as defined under GDPR
- Customer financial or PCI Data
- Non-public Customer Communications
Confidential
Data whose unauthorized disclosure may have moderate adverse effects on the company’s reputation, resources, services, personnel, or customers.
This data is for internal company use only, and is not intended for disclosure outside the company.
Usage of confidential data should be avoided to the greatest extent possible.
Examples:
- Customer and User Data
- Prospect or Lead Data
- GitHub Intellectual Property (IP) and Infrastructure Data
- GitHub Employee and Applicant Data
Controlled
Same as Confidential, except that it may need to be shared in specific limited-purpose situations.
This is typically the classification for most organizational security, privacy, and compliance audit data;
it requires a non-disclosure agreement (NDA) for release and a moderate level of security.
Examples:
- Customer and User Data
- Prospect or Lead Data
- GitHub Intellectual Property (IP) and Infrastructure Data
- GitHub Employee and Applicant Data
Public
Data that typically is publicly accessible, requires minimal security controls, and poses little or no risk to the company’s reputation, resources, services, personnel, or customers. This includes public data managed by GitHub on behalf of customers, as well as all data intentionally provided by GitHub, a GitHub employee, or a customer and entered into or visible in public systems.
Usage of public data is low risk but should still be limited to occasions with a clear business purpose.
Examples:
- Public - Customer and User Data
- Public - GitHub Intellectual Property (IP) and Infrastructure Data