Using the Information Classification Matrix

Use the Information Impact Assessment matrix to identify the appropriate classification for the information that is being handled based on the potential impact of unauthorized disclosure. Start at the Examples of Information and work across and down until a classification has been identified.

Example: A Manager must send the hard copy personnel file of a staff member to another person at McMaster University. The Manager would look at the Information Impact Type within the Information Classification Assessment matrix to determine that this is personally identifiable information. The information in this example is classified as “Confidential”.

Once the classification has been identified, use the information in the first and second columns of the Information Handling Guidance matrix to find the action that will be taken on the information.

Example: The Manager will have the hard copy mailed to their colleague, thus the transmission method is “Transmission by Post, Fax or e-mail”, “Mail within the McMaster University (i. e. between buildings or campus locations)”.

Now look along the row until you get to the relevant column which will provide guidance on handling that information.

Example: The information is classified as “Confidential”, thus the handling guidance is “Sealed inter-office envelope marked – Private and Confidential”.

For instances where information cannot be readily classified it should be handled as “Confidential” and either the University Secretariat or the Chief Information Officer should be consulted.