Data Classifications

Sensitive

Data that isn’t public but whose unauthorized disclosure or alteration can harm individuals or the organization—think PII/PHI (Social Security numbers, health records), payment card data, payroll details.

Public Data

Freely accessible information intended for the general public. No privacy or compliance concerns whatsoever. Examples: Brochures, press releases, websites, and government data portals

Private Data

Internal-use data that doesn’t circulate outside the organization—employee directories, internal memos, non-critical project plans. Access is limited to staff or specific business units.

Confidential Data

Information an organization intends to keep secret within a designated group. Access is restricted to authorized personnel based on role. Examples: Salary data, trade secrets, internal memos, customer lists

Restricted Data

Data subject to external regulations or legal requirements that limit access and control its handling.

Critical Data

Information essential for the success of a specific mission or core function within an organization. its loss or disruption could significantly impact the organization’s ability to achieve its goals. Examples: Financial records, customer databases, operational control systems, research data