Examples of Data Classes

2012/02/22 by ITSRM

These subsidiary rules to Operational Circular Nº11 provide guidance on how data should be classified in order to reach consistency across the Organization. Each list below is for illustrative purposes only and not supposed to be exhaustive.

Examples of Sensitive Data

  • Personal data: the Medical File; documents and forms leading to the decision taking, in particular for disability or disciplinary sanctions; data related to fraud and harassment investigations and internal appeals; payment data; bank account details.
  • Computing data: security data like login information, command line activity or network traffic; forensics data; AFS/DFS "private"-folders; e-mail folders; passwords, certificates and other credentials; records of incoming and/or outgoing calls.
  • Financial and contractual data: credit card information; bank account details; e-banking; payment data; bids in response to price inquires and call for tenders; performance indicators.

Examples of Restricted Data

  • Personal data: Personal Administrative File (in particular all documents certifying the personal and professional situation of a MP like date-of-birth, marriage, divorce certificates; administrative decisions as to assignment of functions, change of department, recognition of merit etc.), recognition of merit (e.g. the MARS form), sex, nationality, private address & telephone number, employment applications and contract information, salary, salary position, CERN ID; decisions following a disciplinary procedure (issue of warning/reprimand or other disciplinary sanctions) and decisions on the recognition of a disability; staff association membership; the "Pension Fund file".
  • Computing data: AFS/DFS user spaces; MAC addresses; analysis software; elogbooks; accounting information for professional usage of a service, e.g. access to buildings or Grid resources; video surveillance streams (live and archive).
  • Financial and contractual data: budget information and budget plans; team accounts; information covered by non-disclosure agreements (NDAs); CERN issued price inquires and call for tender documents (after market survey); offers; orders; contracts; IT documents (including list of suppliers); supplier invoices; accounting entries; requests for funds (CERN invoices); bank contracts; Knowledge Transfer contracts; sales reports; policies & procedures; performance indicators; Qualiac DB.
  • Documents: papers/analyses in draft; operations manuals; meeting minutes; internal memos; invention disclosure; patents (before publication); official letters.
Examples of Data Internal to CERN

"CERN Internal Data" are a form of Restricted Data, with access limited to all people holding a valid CERN computing account ("CERN primary account").

  • Personal data: preferred language; CERN ID photo; direct contact information like building and office information, e-mail addresses, telephone numbers (e.g. as used in the CERN phonebook).
  • Computing data: account names, account details (see e.g. CERN Account Management); WebReq device information; scans of number plates.
  • Financial and contractual data: certain AIS documents (like DAI, TID, JOB, SHIP, MAT) where the objective is to show CERN contributors where money is spent; supplier database; financial rules; purchasing reports; some finanical committee documents.
  • Documents: internal notes; non-public CERN policies; manuals; internal vacancies.

Examples of Public Data

  • Personal data: name, first name, CERN organization unit, institute or experiment affiliations, roles (DH, GL, SL, CSO, GLIMOS, SLIMOS, TSO, DSO, DPO, ...); generic contact information like P.O. box number, e-mail addresses, telephone numbers.
  • Computing data: AFS/DFS "public"-folders; software under copyleft license; public web-sites.
  • Financial and contractual data: vacancies; the Staff Rules and Regulations; Member State documents (once published); financial accounts; market surveys; financial committee documents.
  • Documents: official CERN publications; papers; patents (after publication); Knowledge Transfer reports; this policy.