The need for informarion classification for data protection.
Well before GDPR and the Data protection Act companies where
concerned about who should see what in an organisation. Payroll and HR had confidential records and some customer information would not want to be disclosed to unauthorised personal or members of the public. (a person health records for example). This was needed under manual paper filing systems and even more so in the digital age as information can be duplicated and distributed much more easily.
Model for data protection, coinfidentiality.
The fist examples came from the military where war plans, and other strategic information had to be protected from falling into enemy hands. We are all familiar with terms such as “Top Secret” from invariable number of 1960’s war movies. The requirement here was to limit the information to those on a need to know basis. So, confidentiality was the key. To simplify the implementation, they came up with the Bell-LaPudula model which thought in terms of structures and hierarchies. Someone could “write up” to a superior but be blocked from writing down to positions below them. This would limit the flow of information as in most organisations there are fewer personal at the top than at the bottom, so information would not be widely distributed. Think of military intelligence briefing a general. The information could be “read down” but not up. Therefore, directions could be given, or orders distributed but the top brass would be in control of vital information but still be able to communicate to troops under their command.
Model for data protection, integrity.
This model does not suit every scenario, as private industry doesn’t have necessarily the same need for secrecy. They may care more about the information not changing from its original form. That instruction on how to build a product or manage a service did not vary from the original spec. In this case they reversed the model to “write down” no “write up”. This meant that once an instruction was written it could not be changed unless referred to a higher authority. This would protect the information from unwanted edits or omissions and that it could be relied upon. On the reverse side again, they could “read up” to receive the instruction but not “read down” so therefore they would not have access to information not relevant to them. This would them limit the dissemination of information to only those parties who would need it. This is known as the BIBA model.
How to apply these principles to your organisation.
These models, and variations can assist in understanding the information flow as it relates to the hierarchy of the organisation and the inter relation between each of it’s department. It maintains that
flow of information even if a person leaves the organisation as the role-based position still exist under the new incumbent. Comparing a data map with the structure of the organisation us a useful exercise to review any changes that may take place between one and the other. Please see our data map download exercise which helps visualise who has access to what across your enterprise.