Public
- Definition: Information that is intended for open distribution and poses no risk if disclosed.
- Access: Anyone — internal or external.
- Examples:
- Company website content
- Public job postings
- Marketing brochures or press releases
- Controls: No restrictions. Can be shared freely.
Internal
- Definition: Information intended only for employees or contractors inside the organization. Disclosure outside is not catastrophic but undesirable.
- Access: All internal staff.
- Examples:
- Training manuals
- Internal policies and procedures
- Meeting agendas
- Controls: Sharing outside the domain is discouraged or blocked by default.
Confidential
- Definition: Sensitive business information that must be protected from external disclosure. Unauthorized access can impact business operations, compliance, or reputation.
- Access: Only authorized departments or roles.
- Examples:
- Client contact details
- Project plans and financial data
- Contracts or vendor pricing
- Controls: External sharing blocked; logged internally; sometimes requires approval to access or share.
Restricted
- Definition: Critical or regulated information. Unauthorized access can result in legal, financial, or safety consequences. This is the highest level of sensitivity.
- Access: Strictly “need-to-know”; only approved individuals.
- Examples:
- Protected Health Information (PHI)
- User credentials or API keys
- Trade secrets, litigation documents
- Controls: External sharing strictly prohibited; internal sharing tightly controlled; high-priority for encryption, watermarking, and DLP monitoring.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article