Types of data

Identifying and classifying types of data or information can be useful in the context of data security to help determine what:

  • legal obligations and rights may apply to the data or information;
  • benefits and risks may arise from its possession or use; and
  • the data or information can be used for, by whom, and in what circumstances.

Where applicable, it may be useful to classify or categorise data or information as:

  • personal information;
  • confidential information and trade secrets;
  • financial data or information;
  • intellectual property; or
  • government official information.

Personal information is defined in the Privacy Act 1988 (Cth) (Privacy Act).

An organisation may have confidentiality obligations to other parties in relation to data or information. It may have trade secrets such as valuable methods or know-how which are a source of competitive advantage.

There is no single, authoritative definition of financial data or information. Financial data or information may be publicly available, or it may be the confidential information of one or more organisations or individuals.

Likewise, there is no single, authoritative definition of intellectual property.

Government official information is information or data created by or relating to government agencies. It may be required to be treated in a particular manner, based on its security classification.

There are four main sources of legal obligations relating to data security:

  • legislation;
  • common law;
  • formal contracts and other forms of legally binding agreements; and
  • government requirements in relation to government official information.

Classifying or categorising data or information as being of a particular nature or type can help to determine the sources of legal obligations that may apply to particular data or information.