Page 20 - Privacy_Program
P. 20

DATA CLASSIFICATION POLICY [DP112]
        Back to Table of Contents


        Scope: Enterprise
        Distribution: All Employees
        Purpose: To document the Privacy Steering Committee’s direction with regard to information privacy.
        External Regulation or Standard: GAPP Principle 1: Management


        Who is Responsible    Statement     Policy, Standard, or Procedure Statement
                              Number
        Director of Information   DP112.1   For the purposes of this policy and its related standards and processes, the
        Technology, Privacy and             organization establishes the following information classifications:
        Data Security to Establish


        Employees             DP112.1a      Public Business Information: Information that is generally available through
                                            public means or that is considered common business knowledge within our
                                            organization and its business partners. This information, if publicly exposed,
                                            would not cause the organization harm. Examples include statements released to
                                            media organizations, documents posted on the public website, newspaper
                                            articles about the organizations, marketing materials, company newsletters, the
                                            Annual Report, a document that describes employee benefits and staff
                                            directories containing business contact information.  Information about an
                                            individual employee (other than publicly‐available staff directories), a participant
                                            or a store customer will never be Public Business Information (it is Privacy
                                            Restricted Information).
        Employees             DP112.1b      GES Internal Use Information: Information that must not go outside the
                                            organization without appropriate managerial authority. This information, if
                                            publicly exposed, could cause significant harm to GESMN or another business.
                                            Examples include contracts with a company that provides services to the
                                            organization, budget reports, information about GESMN’s future business plans
                                            and/or marketing strategies, intracompany mail, a list of potential funding
                                            prospects, and curriculum or other materials created by GESMN for the purpose
                                            of providing services.  Information about an individual employee, a participant or
                                            a store customer is Privacy Protected Information.































         GES CONFIDENTIAL                                                                                    20
   15   16   17   18   19   20   21   22   23   24   25