12 Personal Data Categories and Classification

Category
CAT 1/ INTERNAL

CAT 2/IN
CONFIDENCE

CAT 3/IN
CONFIDENCE

CAT 3L/IN
CONFIDENCE/IN
STRICTEST
CONFIDENCE
CAT 3H

CAT 4

2
3

8
9

10

11

12
ersonal Data Categories and Classification of Persona

Description
1- personal data-low risk = INTERNAL controls
Cat 1: e.g. person’s equipment, job title, company name, work location, etc.

2- personal data but less then 3 = IN CONFIDENCE (IC) controls

Cat 2: e.g. person’s name, contact details (address, phone number, e-mail), service order history, e

3- personal data …

Cat 3: e.g. financial information, service usage details, user ids, passwords, passport number, most
information, etc.

3L = IN CONFIDENCE (IC) controls

3H = In Strictest Confidence (ISC) controls

4- sensitive personal data = In Strictest Confidence (ISC) controls

Cat 4: Sensitive Personal Data (legal definition) e.g. race, political opinions, religion, health, crimina

Category Type

Any Living Person

Unique Person Identifier (National Identifier, National Insurance Number, Social Security Number, e
Name (first name, surname, middle names)
Gender (male, female, Mr, Mrs, Miss, Ms)
Marital status
Personal Nationality
Date of Birth (DoB)
Date of Death (DoD)
Person record created date
Person record cease date
VIP (person status indicator)
Power of Attorney (PoA) / People acting on behalf of another (third parties)
Security Clearances (Vetting information)
Personal photo pictures or video images (e.g. CCTV, visual media, stills of people, etc.)
Person Document (Citizenship, Passport, Visa, Work Permit)
Driving licence number
Other personal information: economic, cultural or social e.g. personal habits.
Special Categories of Personal Data (aka Sensitive Personal Data (SPD))
Race or ethnic origin (person diversity information)
Political opinions (or memberships)
Religion or philosophical beliefs (person diversity information)
Sexual orientation or gender identity (person diversity information, sexual preference)
Trade-union membership and activities (Employer Relations)
Genetic or Biometric data
Health or sex life (including disabilities - person diversity information, eyesight, ability to climb ladd
or eligibility for healthcare, applications for reasonable adjustments, assessments of support need
physiological, mental, addictions, incl equipment to support disabled employee, Healthcare, etc.)
Administrative sanctions (e.g. official warnings and fine for non-criminal offences)
Judgments
Criminal or suspected offences (including alleged offences, information relating to legal / tribunal p
and courts)
Convictions
Related security measures (including specific protection measures put in place for certain identifiab
Person Contact Details
e-mail address(s)
Postal Address (home and/or business)
Country of Residence
Phone Number
Contact Number (fixed/mobile)
Associated Persons (Emergency contacts, next of kin, dependants)
Contact notes from calls
Opinions written on a person (free notes, leave reasons)
Other location data (grid reference, Satnav location, whereabouts and meeting schedules, etc.)
Signatures (including electronic ones)
Person Financial Information
Bills / Invoices (amount of bill, breakdown, itemised charges)
Credit history (credit reference)
Card details
Bank account (including sort code)
Banker's Automated Clearance System (BACS) Info (e.g. direct debits and standing orders)
Payment Card Industry (PCI) data
Other bank account information (account passwords, user ids , email addresses, etc.)
Income, Payment history
bad or disputed payment records
Tax information, social security, benefits information (on an individual)
Service Usage
Identifiers provided by devices, applications, tools & protocols (e.g. Internet Protocol addresses, co
Radio Frequency Identification tags, laptop identification number, serial numbers)
Call records (originating and terminating, numbers called + date & time)
Viewing preferences
network kit allocated
Router logs
Personal data traffic and communications records
Recordings (audio conferencing calls or video conferencing)
Broadcasting and storage of content on individuals (including opinions on individuals)
Authentication / Identity (applicable to both systems & service users)
user ID/login/account
passwords
validation details / shared secret questions (mother's maiden name, first school, first pet, etc.)
Identity Management (User Profile)
Consumer Customer (including users or subscribers of services)
Customer Identifier

Data Consent (evidence or obtaining) marketing preferences / stop requirements

Business Sole Trader / Small Medium Enterprises (SMEs) / Partnerships
Customer Employee Identifier
Account rights (e.g. authority to place orders)
Name of Customer (company or organisation name)
position
job title
Type of business organisation (e.g. SME, partnership)
Business Contact (could be a customer site contact or supplier contact)
Customer or Supplier Employee Identifier
Account rights (e.g. authority to place orders)
company
position
job title
Supplier Representatives (e.g. details of service leads, sales people)
General Employee (incl direct employees, contingent workers i.e. temporary emp
Employee Identifier (Agent ID, payroll or "works" number)
Recruitment (employee referral, candidate, offer,)
Recruitment (candidate assessment, job application)
Recruitment (pre-employment check)

Assignment Details
Employee (Employment Rights, Memberships, Volunteering, etc.)

Employee Conduct (e.g. investigations of possible misconduct)

Employee Organisational Data
Employee Personal Asset
Employment Contract (Documentary Evidence)
Job Description, Job Title, Job Data (Grade, Hours, HR Job)
Work Location
Work Relationship (Assignments, Length of Service, Role changes and dates etc.)
Learning Management (Employee Training Record)
Remuneration & Reward (Benefit (Shares, Company Car, Reward Choices, etc.), Compensation (Sa
Allowances, Ad Hoc Payments, Bonus), Pension Plan)
Supplier (Purchase Order, Purchase Requisition)
Contingent Workforce Indicator (Contingent Worker)
Direct Employee (or ex-employee or pensioners)
Absence (Employee Absence Record (incl Adoption Leave, Sickness, Industrial Action etc.))

Health & Safety (Health & Safety Event (Accident, Incident records))

Case Management (HR Case (incl Abandonment, Grievance etc.))

Case Management (Occupational Health Activity)

Employee Exit (Leaver Details (incl Dismissal, Medical Retirement))

Payroll (Payroll Record including Salary Deductions (Trades Union Membership Deduction, County C
etc.) and Sick Pay )
Performance (Performance Improvement Plan)
Performance (Performance Assessment, Performance Rating, Personal Development Plan, Review, G
notes)
Associated persons benefits (medical benefits, etc.)
Personality profiles (e.g. Myers-briggs or similar)
Employee attitude surveys (e.g. Your Say, CARE)
Employee Talent Profile
Learning Management (Learning Offering, enrolment)
Remuneration & Reward (Recognition)
Pensioners details (including information shared between pension schemes and tax authorities)
Engineers rostering/site visits
Vehicle tracking/monitoring devices and records (e.g. which drivers use more fuel)
Classification of Personal
Data Category
Data

IN STRICTEST CONFIDENCE 3H
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
INTERNAL 1
INTERNAL 1
INTERNAL 1
IN CONFIDENCE 3H
IN CONFIDENCE 3L
IN STRICTEST CONFIDENCE 3H
IN CONFIDENCE 2
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
Classification of Personal
Data Category
Data
IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4

IN STRICTEST CONFIDENCE Category 4

IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4

IN STRICTEST CONFIDENCE Category 4

IN STRICTEST CONFIDENCE Category 4
IN STRICTEST CONFIDENCE Category 4
Classification of Personal
Data Category
Data
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
Classification of Personal
Data Category
Data
IN CONFIDENCE 3L
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN STRICTEST CONFIDENCE 3H
Classification of Personal
Data Category
Data

IN CONFIDENCE 2
IN CONFIDENCE 3L
IN CONFIDENCE 3L
INTERNAL 1
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE 3L
Classification of Personal
Data Category
Data
IN CONFIDENCE 3L
IN STRICTEST CONFIDENCE 3H
IN STRICTEST CONFIDENCE 3H
IN CONFIDENCE 3L
Classification of Personal
Data Category
Data
 3L (pure list of Customer
IDs) to 3H (if on an app
that includes other
Consumer Customer
IN STRICTEST CONFIDENCE info)
IN CONFIDENCE 2
Classification of Personal
Data Category
Data
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
Classification of Personal
Data Category
Data
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
IN CONFIDENCE 2
Classification of Personal
Data Category
Data
IN CONFIDENCE 2
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 3H
IN CONFIDENCE 2
3L to 3H (note trade
IN CONFIDENCE/IN STRICTEST union membership
CONFIDENCE captured above = 4)
IN CONFIDENCE 3L
INTERNAL 1
INTERNAL 1
IN CONFIDENCE 3L
IN CONFIDENCE 2
INTERNAL 1
INTERNAL 1
IN CONFIDENCE 2

IN CONFIDENCE 2
INTERNAL 1
INTERNAL 1
Classification of Personal
Data Category
Data
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 1 to 4
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 2 to 4
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 3H
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 4
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 3 to 4
IN CONFIDENCE/IN STRICTEST
CONFIDENCE 2 to 4
IN CONFIDENCE 3L

IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE 3L
IN CONFIDENCE 2
INTERNAL 1
INTERNAL 1
IN CONFIDENCE 3L
IN CONFIDENCE 2
IN CONFIDENCE 2