Safety MENDELU

Classification of information at MENDELU

17. 7. 2025

The university processes a wide range of information – from publicly available data to sensitive personal information and protected internal documents. To ensure its appropriate protection, it is important to distinguish the type of information we are working with and follow clear security rules accordingly. This overview will help you understand the classification of information at MENDELU and how to handle it correctly in practice.

Every employee and student at MENDELU comes into contact with various types of information daily – whether it’s routine internal communication, personal data of colleagues or students, or technical materials for research and projects. However, not all information has the same level of sensitivity, and some require significantly more careful handling than others.

Correctly identifying the sensitivity of information and adhering to appropriate security measures is crucial not only for protecting the university but also for meeting legal obligations – such as those under the Cybersecurity Act, GDPR, or commitments from partnership agreements.

This article briefly guides you through the information classification as established at MENDELU and provides practical recommendations on how to securely handle different types of information – whether it involves its storage, sharing, or deletion after use.

Information Classification

Information classification enables the differentiation of university information types based on their sensitivity and value to the organization in case of loss, damage, or misuse. It helps employees and students understand the value of the information they work with and determine what security measures should be taken to protect it.

It is based on:

  • Act No. 181/2014 Coll., on Cybersecurity,

  • GDPR Regulation (EU 2016/679),

  • Act No. 412/2005 Coll., on the Protection of Classified Information,

  • MENDELU internal regulations (e.g., Information Security Directive, ICT Technology Operating Rules).

What is Information?

  • Information carries knowledge and meaning – it consists of data created, stored, or shared within the university’s activities.
  • It may result from human or system activities and holds a certain value, regardless of whether it is recorded electronically, on paper, or communicated orally.
  • For security purposes, it’s important to understand information as something deserving appropriate protection based on its significance and context of use.
  • More information on handling research data can be found on the Open Science Centre website, specifically in the article Data Categorization. You will learn, for example, which storage systems are suitable for data, how data is stored in repositories, how to work with informed consent of participants, or how to proceed with anonymization.

Information is classified into four levels of sensitivity:

PUBLIC INFORMATION

Information accessible without any restrictions. Its disclosure poses no risk.

Examples:

  • presentations from public lectures
  • public sections of the MENDELU website
  • public minutes or reports
  • publicly accessible research reports
  • open-source code, public dataset samples
  • public research data
  • public Data Management Plans
  • public posters

Security Guidelines for Users

  • No special security measures are required.

  • Can be stored on any storage, including personal devices and clouds (Dropbox, Google Drive, etc.).

  • It is recommended to maintain the integrity of files (unchanged original).

INTERNAL INFORMATION

Information intended for internal use by the university or its components. Disclosure outside MENDELU may be undesirable but does not directly endanger the organization.

Examples:

  • internal correspondence
  • minutes from meetings and discussions
  • internal directives and regulations
  • planned teaching or project schedules
  • working drafts of documents
  • research method descriptions
  • unfinished/unpublished research reports

Security Guidelines for Users

  • Do not disclose outside the university environment.

  • Store only on university cloud/services (e.g., MENDELU OneDrive) or network drives.

  • Do not permanently download to personal devices. If downloaded for work purposes, delete immediately after use.

  • Do not forward outside university email addresses.

CONFIDENTIAL INFORMATION

Information whose protection is required by law (e.g., GDPR), contract, or internal regulation. Access should be restricted to a specific group of people.

Information intended exclusively for the internal use of a precisely defined group of people, e.g., an employee and their supervisor, HR staff and a job applicant, or a group of ICT system administrators with access rights. This includes personal data, information covered by trade secrets, etc.

Disclosure outside this group is highly likely to cause harm (financial, moral, legal, etc.).

Examples:

  • economic and personal data of a private nature
  • personal data of employees or collaborators
  • identification card numbers, birth numbers, credit card numbers
  • access credentials to systems and ICT technologies
  • non-public parts of audits and investigations
  • valuable research data providing, e.g., a competitive advantage or containing sensitive information
  • extensive collections of internal information
  • access credentials to minor systems and internal information

Security Guidelines for Users

  • Do not transfer to non-public or non-contracted cloud services (e.g., personal Google Drive).

  • Do not forward via email outside the MENDELU domain.

  • Store only in approved storage with controlled access.

  • If downloaded to a personal device when necessary, the information must be immediately deleted after use.

  • If the information contains personal data, GDPR applies – process it only in accordance with the designated purpose and for the necessary duration.

  • When working outside the university environment, use a VPN and a secure device.
  • In case of a breach in handling this data or suspicion of a leak, it is necessary to immediately report the incident to the ICT administrator or via the MENDELU Helpdesk.

SENSITIVE INFORMATION

Highly protected information. Its leakage can cause serious harm – legal, moral, or financial. Disclosure is possible only exceptionally, after anonymization or in a controlled access regime.

Information intended strictly for the internal use of a precisely defined group of people, e.g., HR staff and an employee, an ICT system administrator and their supervisor, or project investigators with a specific level of security clearance. This includes highly valuable information covered by trade secrets or sensitive personal data.

Disclosure outside the authorized group will cause significant harm with serious consequences.

Examples:

  • medical records
  • personal data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs
  • data concerning a person’s sex life or sexual orientation
  • trade union membership
  • genetic data, biometric data processed solely for the purpose of identifying a person
  • login credentials for important or critical university systems
  • information regarding university security measures
  • highly valuable research data (providing a competitive advantage)
  • research data containing highly confidential information
  • extensive collections of confidential information

Security Guidelines for Users

  • Store exclusively on network storage or MENDELU’s contractually secured cloud services.

  • Never download to personal devices.

  • Do not transfer via unsecured channels (e.g., regular email).

  • Consider data encryption.

  • When working outside the university environment, use a VPN and a secure device.

  • Delete all copies immediately after use, including from the “recycle bin.”

  • In case of a breach in handling this data or suspicion of a leak, it is necessary to immediately report the incident to the ICT administrator or via the MENDELU Helpdesk.