Data Risk Assessment

Created On: Jan 27, 2023 / Last Modified: Jan 27, 2023

Generally speaking, the risk level of your data relates to the sensitivity of your data.

Low Risk:

• Publicly available data where there is no reasonable expectation of privacy, regardless of sensitivity or identifiability.
• Data collected with no information that could reasonably identify individuals or groups.
• Data contains no confidential, private, or sensitive information.
• Data subjects are not vulnerable in the context of the research and would not be harmed if a breach were to occur.

Medium Risk:

• All identifiers collected have been stripped so that data has no information that could reasonably identify individuals or groups.
• Data may contain information originally collected as confidential, private or sensitive.
• Data subjects are not vulnerable in the context of the research and would not be harmed if a breach were to occur.

High Risk:

• Identifiers remain and/or (re)-identification is possible or probable.
• Data contains confidential, private or sensitive information.
• Data subjects may be vulnerable in the context of the research and may be harmed if a breach were to occur.

Extreme Risk:

• Data acquired through an agreement (formal or informal) with a custodian, barring further use or retention.
• Identifiers remain and/or (re)-identification is possible or probable.
• Data contains confidential, private or sensitive information.
• Data subjects are vulnerable in the context of the research and would be harmed if a breach were to occur.

If you aren’t sure about the risk level of your data, you can reach out to us by sending us an email and a member of our team would be happy to meet with you to discuss your data security needs.