Contents
| Table of Contents |
|---|
| Anchor | ||||
|---|---|---|---|---|
|
...
Accessible only to designated or relevant members of staff due to its potential impact on the organisation that could result in legal action, reputational damage or financial loss.
Examples:
Payrolls, salaries info
HR personnel records
Credit card and financial account information
Internal investigation information
Intellectual property
All legal and attorney-client communications
Medical records
Detailed budgets or financial reports
...
This is a special category to represent multiple regulations, for example as HIPAA or ITAR. Loss of such data results in a major legal action and a massive financial loss. Protection of such information is required by law/regulation or required by the government to self-report.
Examples:
Sensitive personal data (Physical or mental health, Criminal convictions, etc)
Medical Research (HIPAA)
Academic research regulated by Export Controls (ITAR/EAR) export-related security controls on information that is subject to a Technology Control Plan
Student information classified under FERPA
Credit card information covered by PCI-DSS rules
Court or national security orders that prohibit disclosure (e.g., subpoenas, National Security Letters)
...