UOB data classifications

For further information refer to The University of Bristol's Information Access & Security Policy and the Information Classification Scheme (PDF, 187kB)‌.  For further information about the Freedom of Information Act, refer to the University of Bristol Freedom of Information pages.

What constitutes restricted data at UoB?

Restricted data relates to all data that is not categorised as "Public" in the UoB Data Classification Scheme Matrix: even data classified as "Open" has a degree of restrictedness in that it is only available to authenticated UoB members.

Different types of data fit within different security levels, each of which has a level of risk attached should this data be lost, leaked or misused. The matrix shows the University data and risk classifications, with examples of data that fit into each classification. 

 PublicOpenConfidentialConfidential and SensitiveSecret
Impact if the information was made public: None

Low

May result in very minor reputational or financial damage to the University;
May result in very minor privacy breach for an individual

Medium

An Intermediate reputational, financial or privacy impact.
May make it less likely that the University would be trusted with similar information in future

High

Could substantially damage reputation of the University,
Have a substantial financial effect on the University or a third-party,
Would result in a serious privacy breach to one or more individuals      

Critical

May damage national security

Definition May be viewed by anyone, inside or outside the organisation

Available to people at the University who are in one of other of these groups: 'staff', spostgraduate researchers' and 'taught students' (NB this is not the same thing as 'everyone with an account at the University', as that might include affiliates at other organisations, alumni, etc)

 

Access is controlled and restricted to a group of people. (These may be people who are members of the University and also people who are members of other organisations)

Access is restricted to a small number of people who are listed by name. 

Access is subject to or obtained under the Official Secrets Act or equivalent.
Examples
  • Publications
  • Press Releases
  • Course Infomation
  • Principle University contacts for public facing roles i.e name, email address and landline telephone number
  • Public events
  • Contact information for most staff (e.g. name, role, email address, and University telephone number)
  • Internal University telephone communications
  • Policies, Procedures and Guidelines
  • Personal details and identifiable information e.g name /address/telephone number/email address/date of birth/National Insurance Number)
  • Information relating to the private well being of a University member
  • Wage slips
  • Death certificates
  • Employee contract information
  • Non-Disclosure Agreements




  • Bank details (sort code/account number
  • Financial data
  • Student transcripts
  • Examination papers
  • staff/student medical records
  • certain medical research data
  • Research papers intended to lead to patentable results (If research is ongoing and has not been published)
  • Details of servers and server rooms
  • Passwords
  • Investigations/disciplinary proceedings
  • Submitted patents/Intellectual Property Rights
  • University and third party contract/supplier information
  • Market sensitive information (eg concerning some property purchases)
  • Anything subject to or obtained under the Official Secrets Act

For any data you need to process or otherwise use, refer to the Information Classification Scheme (PDF, 187kB) in the first instance and assume, as a rule of thumb, that anything not covered defaults to strictly confidential.