PCI Training - Tom Wong-APPENDIX B - Data Classification and Handling Guidelines

APPENDIX B - Data Classification and Handling Guidelines

Pdf Summary

The document provides guidelines for data classification and handling based on a four-level classification scheme. The four levels are: Restricted, Confidential, Private, and Public.<br /><br />Restricted data is the most sensitive and is accessible only to authorized employees, contractors, and business partners with a specific business need. The potential impact of loss of this data is significant, including negative impact on the company's competitive position and violating regulatory and contractual requirements.<br /><br />Confidential data is highly valuable and is classified internally by the company. It may be shared with authorized parties but must not be released to the general public. The potential impact of loss of this data is moderate.<br /><br />Private information, originated or owned by the company, may be shared with authorized personnel but should not be released to the general public. The potential impact of loss of this data is minimal or none.<br /><br />Public information can be freely shared both internally and externally and has no damaging impact or risk to business operations if exposed.<br /><br />The document also outlines general practices for handling different classifications of data. It highlights that information created or received by employees is private by default, unless it requires greater confidentiality or is approved for release to the general public. The most restrictive classification should be assigned when combining information with different sensitivity levels.<br /><br />Specific handling requirements are provided for each classification level, including storage, transmission, printing, copying, and disposal. The document also lists examples of sensitive data elements for each classification level.<br /><br />The final section of the document includes a revision history, references to other related documents, and the approval and ownership details.<br /><br />Overall, the document provides clear guidelines on classifying and handling different levels of data sensitivity to ensure proper protection and security.

Keywords

data classification

handling guidelines

four-level classification scheme

Restricted

Confidential

Private

Public

authorized employees

potential impact

loss of data