All DES data must be classified using the categories below. For more information or assistance, please contact ETS Information Security and Records Management.
Category 1 - Public Information
Public information is information that can be or currently is released to the public. It does not need protection from unauthorized disclosure but does need integrity and availability protection controls.
Category 2 - Sensitive Information
Sensitive information is not specifically protected from disclosure by law but is for official use only. Sensitive information is generally not released to the public unless specifically requested.
Category 3 - Confidential Information
Confidential information is information that is specifically protected from either release or disclosure by law. This includes, but is not limited to:
- Personal information as defined in RCW.42.56.590 and RCW 19.255.010.
- Information about public employees as defined in RCW 42.56.250.
- Lists of individuals for commercial purposes as defined in RCW 42.56.070(8).
- Information about the infrastructure and security of computer and telecommunication networks as defined in RCW 42.56.420.
Category 4 - Confidential Information Requiring Special Handling
Confidential information requiring special handling is information that is specifically protected from disclosure by law and for which:
Especially strict handling requirements are dictated, such as by statutes, regulations, agreements, or other external compliance mandates.
Serious consequences could arise from unauthorized disclosure, such as threats to health and safety, or legal sanctions.
Determining Categories
Not all data elements are captured in the table below; these are the most commonly viewed, discussed, and/or captured elements at DES. It is your responsibility to ensure the data you are working with has a data category assigned to it and that it is documented. Please contact ETS Information Security and Records Management if you have any questions or need assistance classifying any data elements.