Version	Editor	Changes
1.1	Nico Lück	Reduced examples of “normal” class
1.0	Nico Lück, Margus Mägi	Inserted regular revision of document by Governance Committee
0.8	Nico Lück, Rachel Lawson, P.S. Ramkumar, Esther Ogunjimi, Moritz Fromageot, Ayush Shukla

Purpose of this document

This document is to guide participants of the GovStack community in finding the appropriate place to store information.

As a community driven by the principle of openness, we aim to make decisions and information as much public as possible.

However, to ensure that we do not risk issues to the project, or the partners supporting the project, we must consider the content/data we are handling and store it in locations that mitigate those risks.

The overall way we work is to:

classify content/data and agree how each classification is handled
place reminders of what classification of content/data is appropriate on each platform, where possible
communicate to all members of the project team which platforms are available for use and what classification of content/data is appropriate in each.
Revise this document (especially the examples given per class) at least once every half a year by the Governance Committee

Personal data

Data relating to people’s must always be handled with the greatest care and always in accordance with the rules given by GDPR.

The GovStack project details these rules in its Privacy Policy and they must always be followed before further considering what information to store where, as described in this document.

Classification of Information

Protection needs of the information consider damage that may occur if confidentiality, integrity or availability is compromised.

The person creating the information is responsible for selecting the appropriate classification.

For this person to select the correct classification, the protection need is described in detailed abstract manner and example cases are given. Reoccurring meetings shall be already categorised so that information coming out of this meeting inherit the respective class.

We also define the tools we use to handle information at each classification. There may be exceptions to these rules, especially at the Public classification. At the Normal / High classifications, usage of a particular tool other than that defined here should be cleared with your partner lead.

Protection Need	Potential damage to GovStack Initiative or partners (Def. See below)	Example cases (incl. Meetings) Initially, it is up to the groups to decide the classification of information not yet listed here. However, in long-term, all groups in the category “normal” should consider to move into “non-classified/public”.	Tools we use in the GovStack project for this purpose
Non-classified/Public information	No damage expected	General Overall deployment plan and roadmap Events with GovStack participation Governance Committee Meeting and decision Minutes Information on procurements which are also available in the respective web portals Product Committee Meeting and decision minutes Technical Committee Meeting and decision minutes Working Groups (including Building Blocks but also things like Comms, Community etc) Backlog of work Source Code Specs documents, use case definition by working groups. Including in-development versions. Country Engagement (for comms purposes or digital public goods) General status and backlog of cooperation with partner countries for communication purposes Products like playbooks Digital Readiness Studies	Confluence Public Areas Jira Public Areas Slack Github Gitbook Website Social Media
Normal	Damage impacts are limited and manageable.	Country Engagement Team Work plan priorities, Activities to be done etc. Playbook development Work on Inception Reports Meeting Minutes	Confluence Restricted Areas Jira Restricted Areas E-Mail MS Teams direct Chat
High	The damage effects can be considerable.	Founding partner meeting (closed Strategic Governance meeting) Information to coordinate partners on financial, HR, strategy or donor matters. Personal contractual details Country engagement strategic priorities/constraints Report on planned or active procurements Travel plans in fragile contexts Coordination with local implementers in fragile contexts, e.g. Somalia Contracts of the founding partner with third parties, e.g. EU Partnership Management (Donors) Priorities of partners Country Engagement Status of engagement with new countries to be involved into GovStack Description of the Actions, IDGC Code of Conduct Team Meeting Notes Communications and Events Event photos taken at initiative meetings List of event participants (names etc.)	GIZ MS Teams E-Mail
Very High	The damage effects can reach an existentially threatening, catastrophic extent	Personal information of target group (e.g. political activists) Sensitive personal data sets for testing purposes (e.g. real data from partner systems)	GovStack does not process this class of information

Protection needs in detail

“Normal” protection needs category

1. Violation of laws/ regulations/contracts

Violations of regulations and laws with minor consequences
Minor breaches of contract with at most low contractual penalties

2. Impairment of the right to informational self-determination

It is a question of personal data, the processing of which may have adverse effects on the social standing or economic conditions of the person concerned. 3. Impairment of the physical integrity of a person
Impairment does not appear possible.

4. Impairment of the ability to perform tasks

The impairment would be assessed as tolerable by those concerned.
The maximum acceptable downtime is between 24 and 72 hours.

5. Negative internal or external effects

Low and/or only internal impairment of reputation/confidence is to be expected.

6. Financial consequences

The financial loss is acceptable to the organisation.

“High” protection need category

1. Violation of laws/regulations/contracts

Violations of regulations and laws with substantial consequences
Major breaches of contract with high contractual penalties

2. Impairment of the right to informational self-determination

It is a question of personal data, the processing of which may have significant adverse effects on the social standing or economic conditions of the person concerned.

3. Impairment of the physical integrity of a person

Adverse effects on the personal integrity cannot be ruled out completely.

4. Impairment of the ability to perform tasks

The adverse effects would be assessed as intolerable by some of the individuals concerned.
The maximum acceptable down time is between one and 24 hours.

5. Negative internal or external effects

Considerable impairment of reputation/confidence is to be expected.

6. Financial consequences

The financial loss is considerable, but does not threaten the existence of the organisation

“Very high” protection need category

1. Violation of laws/regulations/contracts

Fundamental violation of regulations and laws
Breaches of contract with ruinous damage liabilities

2. Impairment of the right to informational self-determination

Includes personal data, the processing of which entails a danger to life and limb or the personal freedom of the person concerned.

3. Impairment of the physical integrity of a person

Severe adverse effects on the personal integrity are possible.
Danger to life and limb

4. Impairment of the ability to perform tasks

The adverse effects would be assessed as unacceptable by all concerned.
The maximum acceptable downtime is less than one hour.

5. Negative internal or external effects

National adverse effects on the reputation or confidence are possible, which may even threaten its continued existence.

6. Financial consequences

The financial loss threatens the existence of the organisation.

Reclassifying information

Of course, we couldn’t classify information without also recognising that there will be occasions where it needs to be reclassified for a particular purpose.

An example of data needing reclassification might be photos taken at an event. By default, they are treated as “Normal” classification meaning they are only stored on email, MS Teams or the private Confluence. We want to publish them on the website so need to reclassify as “Public”.

The method to reclassify information is to agree this reclassification in a committee or working group meeting, record the agreement to reclassify the information in the meeting notes and then move the information where it is needed.

So, for the example of photos taken at an event, the Comms team must note in their meeting minutes that images x y and z.jpg have been reclassified as public and may now be added to social media.