top of page

2.2 - Information Classification

Exam Board:



2016 - Unit 2 

Information can be classified into different groups. Some data may fall into more than one classification.

Sensitive Information


Information that should be protected from being publicly released as it could harm the safety or privacy of an organisation or an individual.


  • Medical data that could be embarrassing to an individual if released.

  • Financial data that will negatively impact the company if made public to competitors. 

Non-Sensitive Information


Information that can be released publicly with no fear of negative consequence.


  • Store information including shop addresses, opening hours and the names of senior managers.

  • Product information including prices, online reviews and general availability.

Private Information


Private information relates to an individual and it should not be shared with anyone else without the data subject's permission. Private information is protected by the Data Protection Act and would need to be stored securely so it cannot be accessed without authorisation.


  • Home addresses, contact information, birth dates and banking details.

  • Employee data such as linked bank accounts and addresses.

Public Information


Released to the public and can therefore be seen by anyone. Public information is non-sensitive.


  • Social media usernames, posts and shared images.

  • Public business information including addresses, promotional material and opening times.

  • A government report like the national census every ten years.

Personal Information


Identifiable data about a specific individual.


  • Full name, date of birth, gender, marital status, medical history, sexual orientation and voting history.

Business Information


Any kind of data about a specific business. This information could be public or private.


  • Address of its headquarters

  • Financial data or employee details.

  • Annual sales figures.

Confidential Information


Private data that is more restricted than sensitive information, with access limited to only those who need to know.


  • Doctor / therapist notes

  • Business Profits and losses

  • Trade secrets

Classified Information


Highly sensitive information stored by a government institution, requiring the highest levels of restricted access. Access is usually restricted by law and only viewable by authorised individuals or groups.  In the UK there are three levels of classified information: OFFICIAL, SECRET and TOP SECRET.


  • Military data

  • Terrorism precautions

  • Crime scene reports

Anonymised Information


Anonymisation removes personally identifiable data from information so that an individual cannot be identified. This allows the information to be used in much wider context without running the risk of legal action.


  • Partially anonymised information - where some of the personal information has been removed and replaced by a symbol.

  • Completely anonymised information - where all identifiable data has been removed

Bank details are often partially or completely anonymised. A partially anonymised credit card number might be listed as:

**** - **** - **** - 7427

Problems with anonymising data include:

  • If sensitive data is not anonymised enough and the person can be identified.

  • Useful information could be lost if too much data is anonymised.

  • The public could lose trust in an organisation if data is insufficiently anonymised.

Monochrome on Transparent.png

Questo's Questions

2.2 - Information Classification:

1. Describe each type of information classification and give at least two examples:

  • a. Sensitive information [3]

  • b. Non-Sensitive information [3]

  • c. Private information [3]

  • d. Public information [3]

  • e. Business information [3]

  • f. Confidential information [3]

  • g. Classified information [3]

  • h. Anonymised information (partial and complete) [6]

2. State which classification(s) the following pieces of information would be categorised as. It might fit into more than one category. 

  • a. Shop opening times [1]

  • b. Medical history [1]

  • c. Twitter username [1]

  • d. Crime scene report [1]

3. Describe three problems that organisations should consider when anonymising data. [6]

bottom of page