10 WHO data assets and information are classified by all individuals in WHO responsible for their creation, initial receipt, retention, or use of data or information on the basis of sensitivity and impact to WHO and Member States should those data or information be disclosed, altered or destroyed without authorization. Data classification helps to determine the necessary security controls that are appropriate for safeguarding those data assets and information. Other factors to consider in the classification of data include the impact of accidental corruption, modification or loss to WHO and Member States.[1]
20 The following classifications are used for WHO data assets and information:
- “Strictly Confidential" applies to data assets and information that are highly sensitive and whose unauthorized disclosure, alteration or destruction could represent a significant risk of grave damage to the Organization, Member States or individuals. Such data and information strict controlled access and distribution. Without limitation, they may include: sensitive personal data (see paragraph 40); data protected by non-disclosure agreements, such as intellectual property and trade secrets records; data protected by Member State privacy regulations; information that could result in: failure of operations including loss of life or serious injury, negative impact on public safety, cessation of functioning in all or part of the Organization, significant monetary loss, loss of productivity, serious legal ramifications prejudicial to the Organization, significant damage to or destruction of partnerships, select human resources records (e.g., disciplinary files, Administrative Review documents, appeal documentation, personal information on staff or family members), information related to mediation, select financial records (e.g., electronic banking access details, bank account details, salary information), sensitive information on dealings with Member States, donors and partners, information on security vulnerabilities and incident reports, IT technical and security audits, assessments and reviews, staff medical records, IOS investigations, information on internal audit or fraud and security investigations, select DGO/RDO/Director IARC records and documents, select LEG records and documents, records and documents (e.g., contracts) containing information which WHO is legally obliged to retain on a confidential basis, passwords and PIN codes for access to WHO systems, etc. These data should be protected by the highest level of security controls, such as encryption, containment, physical and technical safeguards to restrict document and technical access, and other security methods
- “Confidential". Data assets and information that are sensitive and whose unauthorized disclosure, alteration or destruction could represent a moderate risk of damage to the Organization, Member States or individuals. Such data and information require controlled access and distribution. Confidential data and information, without limitation, may include: personal data that are not classified as strictly confidential; procurement evaluations for bidding purposes; supplier contracts; internal communications not including strictly confidential data; certain types of research data (see section XV3.1); operational data; records of decisions; audio or video recordings; select financial records (e.g., audit reports, statistics and tracking, working procedures); select human resources records (e.g., employment history in WHO, travel claims, vacancy notices before publication); internal telephone directories; information on WHO HQ and Regional office Intranets; E-mail correspondence of a nature that is not strictly confidential or administrative exchanges; internal procedures. These data should be protected by reasonable security controls, such as a WHO password with dual factor authentication (see section XXII.2.5, paragraph 30). If transferred, such data should be encrypted (see section XXII. 2.7).
- Public. Data assets and information that are not sensitive and whose unauthorized disclosure, alteration or destruction would represent little or no risk for the Organization, Member States or individuals. Public data and information may be freely accessible but not modifiable by the public and, without limitation, may include: data assets such as aggregate data and indicators published in the WHO Global Health Observatory, regional health observatories or Datadot; and data assets on the WHO website that can be accessed without any authentication, such as WHO press releases, promotional materials, publications, the names and affiliations of participants in expert groups and technical advisory groups, and the names and locations of WHO collaborating centres; information published on the WHO public website and the public websites of regional and country offices; annual reports of WHO governing bodies; publications and other materials that are made available to the public; standard information issued by the Organization, etc.. All WHO data that have not been classified as strictly confidential or confidential and have been authorized for public access (see section XXII.5) should be classified as public.
[1] For example, in the event of accidental corruption, modification or loss of data assets, would this result in: (I) no impact or a very minor inconvenience but data could be restored from the same source (I.e., low); (ii) inconvenience if the data assets are unavailable for more than 24 hours, but data could be restored from other sources (I.e., medium); or, (iii) a major embarrassment or serious outage for WHO and partners, and recovery would be laborious and difficult, or not possible.