Winrock’s data, information, and knowledge, including its intellectual property, other confidential information and information that others provide us (Winrock Information), is an important asset. Our funders, donors, employees, consultants, beneficiaries and volunteers expect, and some laws require, that we protect certain types of confidential Winrock Information, including personal information.
This Data Classification Policy describes the types, or classifications, of Winrock Information and, for each classification, the appropriate collection, storage, transfer, and destruction practices, including the data handling and security protections that must be used based on the sensitivity of the information.
Individual obligations. All members of Winrock’s workforce (each employee, Board member, volunteer, intern, fellow, partner, subcontractor, and consultant) are required to ensure that Winrock Information is appropriately handled and protected. Winrock’s workforce must comply with this policy and manage the Information based on the applicable classification.
Winrock classifies Information into four types:
These classifications apply to data, information, knowledge, or records in any form (written, electronic, or verbal) that Winrock creates, receives, manages or collects.
The following table describes, at a high level, how information within the different classifications is handled to ensure the proper level of confidentiality and protection. The Data Classification Procedure provides more detailed information regarding the categories, examples, transmission, storage, and other handling requirements. The Highly Confidential classification presents the most risk to Winrock and must be handled with utmost care.
| Example of where Information might be located (not comprehensive) | External Website winrock.org; Email, phone, text, social media | Intranet WinShare; Email to WI staff only; All access Teams sites | SharePoint Protected Collab or OneDrive; Limited access Teams sites | SharePoint Protected Collab or OneDrive; Limited access Teams sites |
| Where to store digital copies | Any approved Winrock platform | Any approved Winrock platform | Any platform with limited and controlled access; No removable media | Any platform with limited and controlled access; No removable media |
| Whether to encrypt while transmitting | Not required | Not required | Not required but recommended | Required |
| How to store hard copies | Store anywhere | Store anywhere within the office (not in a public place) | Store with a level of security, such as in office cube/drawer | Store in locked files |
| How to destroy | Any way acceptable | Office trash/professional recycle OK | Shred or burn physical copies; contact the Service Desk for purging of electronic files | Shred or burn physical copies; contact the Service Desk for purging of electronic files |