Research Information Classification

At UBC, researchers are responsible to ensure the research information (data) collected, processed, stored, and shared meets the university security and privacy requirements, as well as applicable provincial, national, and international regulations. It is necessary to classify information based on the risk level to ensure that it receives the appropriate protection.  

Before you read this page:

Regardless of the information classification associated with a research project, it is recommended that researchers consult an information security professional when planning a research project that will collect, process, store, and/or share research information. 

This page presents some, but not all, research-related examples of research information classification and may not include all information that is applicable to your specific research project.

For assistance, please contact arc.support@ubc.ca;

Classification Table

Considerations:

  • The table below is meant to supplement, not replace ISS-U1 by providing more research-related examples;
  • There may be instances where the data steward/owner requires that the data provisioned to you be classified at a higher risk than what is listed below;
  • Please review your research agreements, consent forms, and/or ethics documents to determine this requirement;
  • There may be instances when the description of the research information you hold fits into two or more classification levels.
 
Classification
Research Information Examples
Potential Impact
Green Color blockLow Risk
Information that would cause minimal harm if disclosed, or may be freely disclosed.
  • Published manuscripts
  • Publicly available/aggregated information (depending on Terms of Use)
    • E.g. Data on public Statistics Canada website; PHSA Community Health Atlas
  • Names and business contact info of Faculty or Staff members
  • Data analysis scripts (if it is not protected by a non-disclosure agreement (NDA) OR if it does not include personal or health information).
Minor embarrassment, minor operational disruptions.
Orange Color BlockMedium Risk
Information that is not protected by law or industry regulation from unauthorized access, use or destruction, but could cause harm to UBC or others if released to unauthorized individuals.
  • Non-personal but proprietary research data
    • E.g. a novel drug formula made in partnership with a pharmaceutical company, software written in conjunction with a commercial partner, patentable software, animal genomics
  • Submitted manuscripts that are currently under embargo
  • Restricted circulation of library journals
Reputational and financial impact, loss of priority of publication, loss of access to journals and other copyrighted materials
Wine red color blockHigh Risk
Information that must be protected by law or industry regulation from unauthorized access, use or destruction, and could cause moderate harm if disclosed.

Most research data involving human participants would fall under this, at a minimum.

  • Personal information
    • E.g. videos and photos of research participants, scraped non-health human data, student or employee IDs, home addresses, student name, student grades, Personal Education Numbers (PEN)
  • De-identified human datasets (non-health)
    • E.g. grades+faculty+information even if de-identified; Age, sex, geographic area even if de-identified
Moderate harm to one or more individuals, identity theft, impact to University reputation or operations, financial loss such as regulatory fines
Bright red color blockVery High Risk
Information that must be protected by law or industry regulation from unauthorized access, use or destruction, and could cause significant harm if disclosed.
  • Personal health information (e.g. health-related data)
    • E.g. Personal Health Number (PHN), MRN, De-identified health datasets (e.g. admission date+location + health service rendered + cancer site + medications even if de-identified)
  • Biometric data
  • Identifiable human genetic data
  • Biospecimens
Significant harm to one or more individuals, identity theft, severe impact to university reputation or operations, financial loss such as regulatory fines or damages from litigation

 

Additional Resources 

To learn more about UBC information privacy and security, visit:

UBC Privacy Matters

To learn more about UBC security requirements, visit:

Office of the Chief Information Officer

Can’t find what you are looking for? 

Send us an email at arc.support@ubc.ca to talk to one of our subject matter experts.  

 

Advanced Research Computing signature UBC Support Programs to Advance Research Capacity

Part of the VP Research & Innovation portfolio

Advanced Research Computing

West Mall Annex 202, 1933 West Mall
Vancouver, BC Canada V6T 1Z2
E-mail arc.support@ubc.ca

UBC receives support for managing its research enterprise from the federal Research Support Fund.

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.