Applying the Data Classification Standard to research
Descriptions and examples of the University's data classification standard, as applied to research data.
Purpose and scope in research
The University's data classification standard supports:
- A risk-oriented approach to evaluating the potential consequences of data exposure or loss for staff, students, research participants, and the University’s reputation.
- Recognising the strategic and intellectual value of research data throughout its lifecycle.
- Identifying and mitigating risks inherent in data collection, storage, and sharing.
- Maintaining adherence to University policies, and in particular the Research Data Management Policy.
- Alignment with the NZ government classification for information security.
Applying the standard within a research project
- Identifying the classification of research data within a project is essential for complying with the Research Data Management Policy. It also plays a critical role in selecting systems, applications, and tools (including AI technologies) used to capture, store, analyse, share, and preserve research data.
- A research project may involve multiple data classifications, reflecting the lifecycle of data from initial capture or generation through to analysis and, where appropriate, sharing. Researchers can reduce the risk and classification level by, for example, anonymising data through redaction, or aggregation.
- When making decisions that apply to the project as a whole, researchers are often asked to indicate or consider the highest data classification that applies.
- Use a Data Management Plan (DMP) to record data classifications and the associated data management decisions throughout the project lifecycle.
Contact
eResearch Engagement Lead
Email: Laura Armstrong