Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Version

Editor

Changes

1.0

Nico Lück, Margus Mägi

Inserted regular revision of document by Governance Committee

0.8

Nico Lück, Rachel Lawson, P.S. Ramkumar, Esther Ogunjimi, Moritz Fromageot, Ayush Shukla

Purpose of this document

This document is to guide participants of the GovStack community in finding the appropriate place to store information.

As a community driven by the principle of openness, we aim to make decisions and information as much public as possible.

However, to ensure that we do not risk issues to the project, or the partners supporting the project, we must consider the content/data we are handling and store it in locations that mitigate those risks.

The overall way we work is to:

  1. classify content/data and agree how each classification is handled

  2. place reminders of what classification of content/data is appropriate on each platform, where possible

  3. communicate to all members of the project team which platforms are available for use and what classification of content/data is appropriate in each.

  4. Revise this document (especially the examples given per class) at least once every half a year by the Governance Committee

Personal data

Data relating to people’s must always be handled with the greatest care and always in accordance with the rules given by GDPR.

The GovStack project details these rules in its Privacy Policy and they must always be followed before further considering what information to store where, as described in this document.

Classification of Information

Protection needs of the information consider damage that may occur if confidentiality, integrity or availability is compromised.

The person creating the information is responsible for selecting the appropriate classification.

For this person to select the correct classification, the protection need is described in detailed abstract manner and example cases are given. Reoccurring meetings shall be already categorised so that information coming out of this meeting inherit the respective class.

We also define the tools we use to handle information at each classification. There may be exceptions to these rules, especially at the Public classification. At the Normal / High classifications, usage of a particular tool other than that defined here should be cleared with your partner lead.

Protection Need

Potential damage to GovStack Initiative or partners

(Def. See below)

Example cases (incl. Meetings)

Initially, it is up to the groups to decide the classification of information not yet listed here. However, in long-term, all groups in the category “normal” should consider to move into “non-classified/public”.

Tools we use in the GovStack project for this purpose

Non-classified/Public information

No damage expected

General

  • Overall deployment plan and roadmap

  • Events with GovStack participation

Governance Committee

  • Meeting and decision Minutes

  • Information on procurements which are also available in the respective web portals

Product Committee

  • Meeting and decision minutes

Technical Committee

  • Meeting and decision minutes

Working Groups (including Building Blocks but also things like Comms, Community etc)

  • Backlog of work

  • Source Code

  • Specs documents, use case definition by working groups. Including in-development versions.

Country Engagement (for comms purposes or digital public goods)

  • General status and backlog of cooperation with partner countries for communication purposes

  • Products like playbooks

  • Digital Readiness Studies

Confluence Public Areas

Jira Public Areas

Slack

Github

Gitbook

Website

Social Media

Normal

Damage impacts are limited and manageable.

General

  • Personnel non-contractual details of employees/ participants (contact details, email...)

Country Engagement Team

  • Work plan priorities, Activities to be done etc.

  • Playbook development

  • Work on Inception Reports

  • Meeting Minutes

Founding partner meeting (closed Governance meeting)

  • The Founding Partners may wish to release a version of the summary/meeting minutes of the closed Governance meeting for general consumption in the Public Confluence space, keeping the whole project up to date with their decisions.

Communications and Events

  • Event photos taken at initiative meetings

  • List of event participants (names etc.)

Partnership Management (Private and public sector)

  • Meeting minutes of calls with private companies

Confluence Restricted Areas

Jira Restricted Areas

E-Mail

MS Teams direct Chat

High

The damage effects can be considerable.

Founding partner meeting (closed Strategic Governance meeting)

  • Information to coordinate partners on financial, HR, strategy or donor matters.

  • Personal contractual details

  • Country engagement strategic priorities/constraints

  • Report on planned or active procurements

  • Travel plans in fragile contexts

  • Coordination with local implementers in fragile contexts, e.g. Somalia

  • Contracts of the founding partner with third parties, e.g. EU

Partnership Management (Donors)

  • Priorities of partners

Country Engagement

  • Status of engagement with new countries to be involved into GovStack

  • Description of the Actions, IDGC

  • Code of Conduct Team

  • Meeting Notes

GIZ MS Teams

E-Mail

Very High

The damage effects can reach an existentially threatening, catastrophic extent

Personal information of target group (e.g. political activists)

Sensitive personal data sets for testing purposes (e.g. real data from partner systems)

GovStack does not process this class of information

Protection needs in detail

“Normal” protection needs category

1. Violation of laws/ regulations/contracts

  • Violations of regulations and laws with minor consequences

  • Minor breaches of contract with at most low contractual penalties

2. Impairment of the right to informational self-determination

  • It is a question of personal data, the processing of which may have adverse effects on the social standing or economic conditions of the person concerned. 3. Impairment of the physical integrity of a person

  • Impairment does not appear possible.

4. Impairment of the ability to perform tasks

  • The impairment would be assessed as tolerable by those concerned.

  • The maximum acceptable downtime is between 24 and 72 hours.

5. Negative internal or external effects

Low and/or only internal impairment of reputation/confidence is to be expected.

6. Financial consequences

The financial loss is acceptable to the organisation.

“High” protection need category

1. Violation of laws/regulations/contracts

  • Violations of regulations and laws with substantial consequences

  • Major breaches of contract with high contractual penalties

2. Impairment of the right to informational self-determination

It is a question of personal data, the processing of which may have significant adverse effects on the social standing or economic conditions of the person concerned.

3. Impairment of the physical integrity of a person

Adverse effects on the personal integrity cannot be ruled out completely.

4. Impairment of the ability to perform tasks

  • The adverse effects would be assessed as intolerable by some of the individuals concerned.

  • The maximum acceptable down time is between one and 24 hours.

5. Negative internal or external effects

Considerable impairment of reputation/confidence is to be expected.

6. Financial consequences

The financial loss is considerable, but does not threaten the existence of the organisation

“Very high” protection need category

1. Violation of laws/regulations/contracts

  • Fundamental violation of regulations and laws

  • Breaches of contract with ruinous damage liabilities

2. Impairment of the right to informational self-determination

Includes personal data, the processing of which entails a danger to life and limb or the personal freedom of the person concerned.

3. Impairment of the physical integrity of a person

  • Severe adverse effects on the personal integrity are possible.

  • Danger to life and limb

4. Impairment of the ability to perform tasks

  • The adverse effects would be assessed as unacceptable by all concerned.

  • The maximum acceptable downtime is less than one hour.

5. Negative internal or external effects

National adverse effects on the reputation or confidence are possible, which may even threaten its continued existence.

6. Financial consequences

The financial loss threatens the existence of the organisation.

Reclassifying information

Of course, we couldn’t classify information without also recognising that there will be occasions where it needs to be reclassified for a particular purpose.

An example of data needing reclassification might be photos taken at an event. By default, they are treated as “Normal” classification meaning they are only stored on email, MS Teams or the private Confluence. We want to publish them on the website so need to reclassify as “Public”.

The method to reclassify information is to agree this reclassification in a committee or working group meeting, record the agreement to reclassify the information in the meeting notes and then move the information where it is needed.

So, for the example of photos taken at an event, the Comms team must note in their meeting minutes that images x y and z.jpg have been reclassified as public and may now be added to social media.

  • No labels