RM-9.1.12

Entire section

Custom print

Link

Text Only

Rich Text

Print

Location:

Versions

Apr 01 2019 - Dec 31 2021
Jan 01 2022

With respect to Subparagraph RM-9.1.11(a), data classification entails analyzing the data the licensee retains, determining its importance and value, and then assigning it to a category. When classifying data, the following aspects of the policy should be determined:

a) Who has access to the data;

b) How the data is secured;

c) How long the data is retained (this includes backups);

d) What method should be used to dispose of the data;

e) Whether the data needs to be encrypted; and

f) What use of the data is appropriate.

The general guideline for data classification is that the definition of the classification should be clear enough so that it is easy to determine how to classify the data. In other words, there should be little (if any) overlap in the classification definitions. The owner of data (i.e. the relevant business function) should be involved in such classification.

Amended: January 2022
Added: April 2019