Data classification and secure storing
Categorizing confidential documents and information on the basis of confidentiality is an important part of information life-cycle. Once the information has been classified, the information can be stored and / or published on a suitable place, such as a network disk, a local disk of a computer, external recorders, an information system or a cloud service. The owner and / or processor of the data is responsible for classifying the data.
Act on the Openness of Government Activities 24 § states what information and/or documents are classified information. See the data classification and secure storing instructions for more information on what confidential information is.
The purpose of the data classification and storage model is to clarify where data can be published and stored. The classification template allows you to identify which category your data belongs to. For example in a research project, which does not deal with classified information or sensitive personal data, the information is confidential. Once the data category has been identified you can check the material storage table for the locations where this data can be securely stored or published.
Classification model
Public information
- There are no restrictions on viewing the information.
- Note. Copyright must be considered with every publications. Copyright means the final exclusive right of the author possible on the basis of his work. All others do not have the right to use the work without the author's permission.
- Examples of public information include press releases, course information, research publications, public documents, and public websites.
Internal or limited use information
- The information can be viewed by Metropolia staff and students
- For example, internal announcements, teaching materials produced and acquired for internal use, instructions, memos, and materials licensed to the organization.
Confidential information
- The data can be viewed and processed by each member of the relevant group (including the student, e.g. in research projects)
- For example, unfinished credit or projects
Classified information
- The information can only be viewed and processed by specifically authorized persons
- Exam answers and other tests, including various assignments and examinations, as well as grading marks. Note. however, grades and scores are public
- Sensitive personal information, which includes;
- Information on the verbal assessment of a student's personal characteristics
- Information on the person's state of health, disability, health care or social care clientele or rehabilitation (e.g. applications and decisions on special arrangements for studies)
- Information concerning the person's annual income or total assets, or the income and assets on which the aid or benefit is based, or otherwise describe his financial situation
Three different categories are used in the data storage and publication table. Allowed, allowed with limitations and not allowed.
- Allowed means that data in that category may be stored and / or published in the location of that column.
- Allowed with limitations means that certain restrictions, such as restrictions on access rights, must be taken into account when storing and / or publishing information. For example, if exam results are stored in Moodle, the permissions must be restricted so that the data cannot be seen by anyone other than the data handler (teacher).
- Not allowed means that the data may not be stored or published at all in the location of that column.
Note! Copyright must be taken into account in all publications. Copyright means the author's initial exclusive right to decide on the use of his work. Meaning others do not have the right to use the work without the author's permission.
Data storage and processing on network disks and the computer's local hard disk, as well as external recorders
Action | Public information | Internal or limited use information | Confidential information | Classified information | Note |
---|---|---|---|---|---|
P: | Allowed | Allowed | Allowed with limitations | Not Allowed | Project members have full access rights. |
S: | Allowed | Allowed | Not Allowed | Not Allowed | Open to anyone, anyone can create files for temporary storage. Useful when witching between offices / classrooms |
T: | Allowed | Allowed | Not Allowed | Not Allowed | Reading rights for students, writing rights for staff. |
U: | Allowed | Allowed | Allowed with limitations | Allowed with limitations | Classified information can be stored under the Priv folder. The pub folder is open to everyone. |
W: | Allowed | Allowed | Not Allowed | Not Allowed | Users have only read-only access. Used with applications. |
Z: | Allowed | Allowed | Allowed | Allowed | The Z network drive is a secure storage location for staff for sensitive data. This drive will be backed up automatically. |
\\share-courses | Allowed | Allowed | Not Allowed | Not Allowed | |
\\share-archive | Allowed | Allowed | Not Allowed | Not Allowed | |
Computer’s local hard disk | Allowed | Allowed | Allowed | Not Allowed | |
Save to phone or tablet (security code must be enabled on the device) | Allowed | Allowed | Allowed with limitations | Not Allowed | |
External memory devices (memory sticks, hard disks, CDs) | Allowed | Allowed | Allowed with limitations | Allowed with limitations | Confidential & Classified information must be password protected in external recorders. |
Public computer or home computer | Allowed | Not Allowed | Not Allowed | Not Allowed |
Data storage and processing in information systems and cloud services
Action | Public information | Internal or limited use information | Confidential information | Classified information | Note |
---|---|---|---|---|---|
Public www-websites | Allowed | Not Allowed | Not Allowed | Not Allowed | |
Oma.Metropolia website (intranet) | Allowed | Allowed | Not Allowed | Not Allowed | In addition to the staff, students also read Intranet. |
Peppi | Allowed | Allowed | Allowed | Allowed | |
Amme | Allowed | Allowed | Allowed | Allowed | |
Moodle | Allowed | Allowed | Allowed | Allowed with limitations | The information can only be viewed and processed by specifically authorized persons. |
HR-system | Allowed | Allowed | Allowed | Allowed with limitations | The information can only be viewed and processed by specifically authorized persons. |
Metroarch | Allowed | Allowed with limitations | Allowed with limitations | Allowed with limitations | Access rights can be granted to employees both inside and outside Metropolia. |
Google products: Drive, Classroom, Blogger, Docs, Meet, Sites, Photos, Slides, Form | Allowed | Allowed | Allowed | Not Allowed | Note! Google product family includes several applications that are subject to the same data storage and processing guidelines as the listed services. |
Microsoft 365 products: OneDrive, Onenote, Sites, Stream, Teams, Planner, Stream, Whiteboard, Sharepoint, Yammer | Allowed | Allowed | Allowed | Not Allowed | Note! Microsoft product family includes several applications that are subject to the same data storage and processing guidelines as the listed services. |
Promid | Allowed | Allowed | Allowed | Not Allowed | |
Zoom | Allowed | Allowed | Allowed | Allowed with limitations | All personal interviews that are going to be recorded should be done by using ZOOM program only. |
Information and case maangement software | Allowed | Allowed | Allowed | Allowed | |
Wihi | Allowed | Allowed | Allowed | Allowed | |
E-form | Allowed | Allowed | Allowed | Allowed | |
HelpDesk | Allowed | Allowed | Allowed | Not Allowed | |
ARC-system | Allowed | Allowed | Allowed | Not Allowed | |
Youtube | Allowed | Allowed with limitations | Not Allowed | Not Allowed | |
Social media channels: Facebook, Instagram, TikTok | Allowed | Not Allowed | Not Allowed | Not Allowed | Note! The same data storage and processing guidelines apply to all social media channels. |
Sending of material
Action | Public information | Internal or limited use information | Confidential information | Classified information | Note |
---|---|---|---|---|---|
Metropolia e-mail internal communication | Allowed | Allowed | Allowed | Allowed | |
Metropolia e-mail external communication | Allowed | Allowed with limitations | Allowed with limitations | Allowed with limitations | Secure mail must be used if you send personal information, sensitive information or otherwise confidential information to an e-mail address outside Metropolia. |
Letter | Allowed with limitations | Allowed with limitations | Allowed with limitations | Allowed with limitations | The contents of the letter post must not appear outside the letter. In the case of goods are being shipped, its shape must not be identifiable. |
Printing of material and disposal of papers and other material
Action | Public information | Internal or limited use information | Confidential information | Classified information | Note |
---|---|---|---|---|---|
Printing of materials | Allowed | Allowed | Allowed | Allowed | |
Paper material disposal, normal trash bin | Allowed | Not Allowed | Not Allowed | Not Allowed | |
Paper material disposal secure trash bin | Allowed | Allowed | Allowed | Allowed | All confidential material is placed in the secure trash. Material related to course assignments is always confidential information. |
- Created by Unknown User (kimmosv), last modified on 6.6.2022
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 16 Next »
- No labels