The University of Tasmania Data Classification Framework facilitates the classification of data on a risk and consequence scale, informing data governance decision making.
Additional guidance relation to data handling, storage and sharing can be found in the Information Management Procedure [PDF 279.8 KB] and the Research Data Management Procedure [PDF 316.8 KB].
Data Classification Framework
Green
Data misuse would have little to no impact.
Yellow
Data misuse unlikely to cause harm or have a negligible adverse impact.
Orange
Data breach or misuse may have a major adverse impact on the university or an external party. Release could be a regulatory offence.
Red
Data breach or misuse expected to cause severe harm to the university or an external party. Release could be a regulatory or criminal offence.
Information that is made publicly available and where unauthorised access, alteration, loss, misuse, or disclosure would have little to no impact.
The information is authorised for public access and may be openly available to students and the general public, however may not necessarily be released into the public domain.
Examples of Green Data
- Course guides
- Public facing website
- Course catalogues and syllabi
- University event schedules and announcements
- Publicly available university policies and procedures
- Staff directories with publicly available contact information
- Published annual reports
- Published research data
Information where unauthorised access, alteration, loss, misuse, or disclosure may have a negligible adverse impact on the University, another organisation or individual(s).
The information has a limited audience, and access is based on broad academic, research or business needs (not public).
Data created and used internally but not classified as Orange/Red.
Examples of Yellow Data
- Most internal communications and documents that do not contain sensitive information including internal meeting minutes, email, and memos
- Intellectual property (ie. patents, trademarks, and copyrights) that is not highly sensitive
- Grant proposals and funding applications
- Non-identifiable raw data generated by instruments, sensors, cameras etc
- Non-sensitive procurement and vendor contract
Information where unauthorised access, alteration, loss, misuse, or disclosure may have a major adverse impact on the University, another organisation or individual(s).
The information has a restricted audience, and access must only be authorised based on strict academic, research or business need.
Compromise may constitute a breach of legal or regulatory responsibilities.
Disclosure to third parties is for specific purposes and requires authorisation.
Examples of Orange Data
- Personally identifiable data as defined by the Privacy Act
- Re-identifiable sensitive data
- Culturally, ecologically or commercially sensitive data
- Employee payroll, salary, and benefits information
- Student records, including transcripts, grades, and enrolment information
- Data with ‘commercial in confidence’ or other contractual restrictions
- University financial data, such as budgets, forecasts and financial statements
Information where unauthorised access, alteration, loss, misuse, or disclosure could reasonably be expected to seriously and adversely impact the University, another organisation or individual(s).
The information has a restricted audience, and access may be subject to regulatory obligations.
Compromise would constitute a breach of legal or regulatory responsibilities.
Disclosure to third parties is for specific purposes and requires authorisation.
Examples of Red Data
- Operational records that are strategic, highly confidential, or tightly restricted
- Data involving national security or intended for use in military applications
- Data with extreme commercial or strategic sensitivity including trade secrets
- Unpublished research with significant ethical implications or commercial potential
The University’s Data Classification Framework was informed by the current regulatory landscape and developed in partnership with the ARDCs Research Data Management Framework for Institutions.