Public data

Data accessible to anyone with no restrictions, e.g. public web-based data

Disclosure is not a risk to CU or other institutions and people.

Publicly accessible research reports and data

Open-source software

Promotional materials

Public service information

Internal data

Data intended only for the internal needs of a generally defined group of people (e.g. co-worker of a project, employees of an institution, etc.)

However, no special regulation or protection is required (under law, a contract, etc.).

Disclosure outside the specific group does not cause direct damage (financial, moral, legal, etc.).

Internal correspondence

Minutes of meetings

Internal directives and regulations

Unpublished research reports

Confidential data

Data intended exclusively for the internal needs of a precisely defined group of people (e.g. an employee and their direct superior, an HR department employee and a job applicant, a group of IT system managers with administrative rights.

By nature, the data require regulation or protection; typically the data are protected by law or under a contract/licence (e.g. personal data of persons, data covered by trade secrets, etc.).

Disclosure outside the specific group of people most probably causes damage (financial, moral, legal, etc.).

Economic and personal data of a private nature

Personal data of students, employees, co-workers

ID numbers, birth numbers, etc.

Credit card numbers

Valuable research data (providing, e.g. competitive advantages)

Extensive collection of internal data

Access data (e.g. passwords or encryption keys) to minor systems and internal data

Sensitive data

Data intended strictly for the internal needs of a precisely defined group of people (e.g. healthcare worker and their patient, project managers working with data subject to trade or similar secrecy, etc.).

By nature, the data require special regulation or specific protection; typically the data are strictly protected by law or under a contract/licence (e.g. very valuable data covered by trade secrets, sensitive personal data, etc.).

Disclosure outside the specific group of authorized people most probably causes large-scale damage (financial, moral, legal, etc.) with serious and irreversible consequences.

In university practice, only certain data fall into this category.

Healthcare data, sensitive personal data

Very valuable research data (providing, e.g. unique competitive advantages that cannot be easily replaced) or research data containing highly confidential information

Extensive collection of confidential data

Access data (e.g. passwords or encryption keys) for important systems and data of a confidential or sensitive nature