Classify your data's confidentiality?

Owned by Berend Dijk, van
Last updated: 17/04/2023
1 min read

What are the consequences of unauthorized data access or leaks?

Additionally, the Handling Personal Data guide provides information on how to manage personal data throughout the research process.

There are four categories in which the potential impact can be classified:

  • Low: Short term interruption, mainly data that is already public or is not sensitive

  • Basic: Non-Public research data, long term interruption or invalidation of research, personal data of moderate amount of individuals or sensitive personal data of small number of individuals.

  • Sensitive: Publication restrictions, reputation damage to researcher and university, patients or contractual agreements, sensitive personal data of moderate amount of individuals or non-sensitive personal data or large number of individuals.

  • Critical: Far reaching contractual obligations, exclusion from future grants of life-threatening research, highly sensitive personal data of individuals or personal data of huge number of individuals.

Leiden University suggests that data should be classified to assess its value and potential security risks. This is an important aspect of registering processing activities, whether they involve personal information or not.