Recommended levels of data classification at St. Thomas: Public, Internal, Confidential, and Restricted.
Note: A formailzed data classification policy is currently being developed.
Public data is typically defined as data that anyone can access and it may be disclosed to the general public without impact to St. Thomas. Examples of this type of data may include marketing materials or the annual report.
Internal data is typically defined as internal business correspondence, records and data that are created during the normal course of business which is not identified as confidential or restricted. Examples of data classified as Internal include business emails, correspondence with clients.
Confidential data typically includes any and all of business, financial and technical information including, network and system diagrams or other non-Restricted data created in the normal course of business which if made public could cause harm to St. Thomas.
Restricted data includes all information subject to restriction in access, storage or processing by law, or regulation, or by customer contract and any other information owned or under the stewardship of St. Thomas that could cause significant harm if inappropriately disclosed, accessed or modified.