Because USG data must be given appropriate protection from unauthorized use, access, disclosure, modification, loss or deletion, each USG organization must classify each record. When classifying a collection of data, the most restrictive classification of any of the individual elements should be used based on the following classification structure or similar schema required by regulations governing specific data domains.
Unrestricted/Public Information is information maintained by a USG organization that is not exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal laws. Some level of control is required to prevent unauthorized modification or destruction of public information.
Sensitive Information is information maintained by a USG organization that requires special precautions to protect from unauthorized use, access and disclosure guarding against improper information modification, loss or destruction. Sensitive information is not exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal laws but is not necessarily intended for public consumption.
Confidential Information is information maintained by a USG organization that is subject to authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (44 USC Sec 3542) Confidential classified documents are exempt from disclosure under the provisions of the Open Records Act or other applicable state or federal laws.
Personal Information may occur in unrestricted/public, sensitive, and/or confidential information. It is information that identifies or describes an individual and must be considered in the classification structure. Please refer to the IT Handbook for further information and guidance.
