Skip to Main Content
You are now in the main content area

How to Classify the Data You Work With

With your help, TMU can minimize online threats.

All the data you work with at TMU can be categorized as either high, medium or low sensitivity, or public information. Here we compile an overview of each category and recommendations for treating data securely.

Infographic showing the difference between high, medium and low sensitivity data and public information. Long description below.

High - extremely confidential. Medium - confidential within Ryerson. Low - generally available within Ryerson but not public. Public - anything readily available.

High sensitivity

What is it?

Data classified as high sensitivity is extremely confidential information that must be handled only by specific people for specific purposes. 

What are the risks?

Risks from a data breach may include physical or other serious harm to individuals or the university.

Examples of highly sensitive data

Health information

Credit card PINs or passcodes

Social insurance numbers (SIN)

Passport information

Driver’s license information

Sensitive research data

Systems documentation such as network diagrams, eHR or MyServiceHub database schema

Student and employee financial records

Employee-specific employment files

Medium sensitivity

Medium sensitivity

What is it?

Data classified as medium sensitivity is confidential within TMU and should be handled by specified groups of employees.

What are the risks?

Potential risks from a data breach may include harm to the university or individuals through moderate financial loss, damage to partnerships, reputation and intellectual property.

Examples of medium sensitivity data

Students numbers (in very small quantities)

Department budgets

Alumni contact information

Grades

Low sensitivity

Low sensitivity

What is it?

Data classified as low sensitivity is information generally available within TMU but not available on public-facing websites or otherwise publicly distributed.

What are the risks?

Potential risks from a data breach may include minor financial loss, reputational impact or inconvenience. 

Examples of low sensitivity data

Internal department reports and plans

Anonymized unpublished research information

Public information

Public information

What is it?

Data classified as public information is anything readily available for educational or general purposes.

What are the risks?

There are very little to no potential risks or harm if public information is accessed or released.

Examples of public information

Infographic showing examples of public information. Long description below.

Content published on the TMU website

Infographic showing examples of public information. Long description below.

Publications and journals

Three ways to limit data exposure

While it’s never possible to completely eliminate the risk of data exposure, you can do your best to reduce risk by asking yourself the following:

Do I need this data?

Information sensitivity can be reduced by masking details or by not collecting sensitive information if you don’t need it in the first place.

Do I need the data to appear in several documents?

Avoid creating unnecessary copies of sensitive information that will have to be safeguarded to the same degree as the original information.

Do I still need this data?

Keep information only for as long as necessary for its purposes.

What to do with unclassified data

If you’re unsure of your document’s sensitivity, it’s best to treat it as highly sensitive until it is classified. TMU's Privacy Office can help you classify data and conduct a privacy impact assessment to determine risks and the right safeguards. Please contact fippa@torontomu.ca for guidance.