You are now in the main content area

How to Classify the Data You Work With

All the data you work with at Ryerson can be categorized as either high, medium or low sensitivity, or public information. Here we compile an overview of each category and recommendations for treating data securely.

What is it?

Data classified as high sensitivity is extremely confidential information that must be handled only by specific people for specific purposes. 

What are the risks?

Risks from a data breach may include physical or other serious harm to individuals or the university.

Examples of highly sensitive data

  • Health information 
  • Social insurance numbers (SIN)
  • Driver’s license information
  • Credit card PINs or passcodes
  • Passport information
  • Student and employee financial records
  • Employee-specific employment files
  • Sensitive research data
  • Systems documentation such as network diagrams, eHR or RAMSS database schema.

What is it?

Data classified as medium sensitivity is confidential within Ryerson and should be handled by specified groups of employees.

What are the risks?

Potential risks from a data breach may include harm to the university or individuals through moderate financial loss, damage to partnerships, reputation and intellectual property.

Examples of medium sensitivity data

  • Students numbers (in very small quantities)
  • Grades
  • Department budgets
  • Alumni contact information

What is it?

Data classified as low sensitivity is information generally available within Ryerson but not available on public-facing websites or otherwise publicly distributed.

What are the risks?

Potential risks from a data breach may include minor financial loss, reputational impact or inconvenience. 

Examples of low sensitivity data

  • Internal department reports and plans 
  • Anonymized unpublished research information

What is it?

Data classified as public information is anything readily available for educational or general purposes.

What are the risks?

There are very little to no potential risks or harm if public information is accessed or released.

Examples of public information

  • Content published on the Ryerson website
  • Publications and journals

Three ways to limit data exposure

While it’s never possible to completely eliminate the risk of data exposure, you can do your best to reduce risk by asking yourself the following:

Do I need this data?

Information sensitivity can be reduced by masking details or by not collecting sensitive information if you don’t need it in the first place.

Do I need the data to appear in several documents?

Avoid creating unnecessary copies of sensitive information that will have to be safeguarded to the same degree as the original information.

Do I still need this data?

Keep information only for as long as necessary for its purposes.

What to do with unclassified data

If you’re unsure of your document’s sensitivity, it’s best to treat it as highly sensitive until it is classified. Ryerson's Privacy Office can help you classify data and conduct a privacy impact assessment to assess risks and determine the right safeguards. Please contact fippa@ryerson.ca for guidance.