Internal data
Class 2
Access restriction
Internal data is normally restricted to employees and authorized individuals for work purposes only.
Data protection controls
Protection such as encryption is not required when internal data is stored or shared internally. However, protection is required when internal data is shared with third parties (e.g. via SFTP) or stored on third party systems (e.g. encrypted file storage on Azure).
Frequently asked questions
When storing internal data, avoid using external media (e.g. USB drives). If external media must be used for storage purposes, password protect the internal files. Use access controls to restrict information to selected individuals. Information can be stored in:
- Shared network drives
- Sharepoint (external, internal, restricted)
- Sharepoint (modern)
- OneDrive
Internal physical documents must be stored in a non-public area.
You can share/transfer internal information via email, Teams or Sharepoint.
Mark all internal data as ‘internal’ in the header or footer of document.
Internal physical documents must not be left unattended in a public area.
Responsible managers can decide who can have access to internal data. If sharing externally, ensure a non-disclosure agreement (NDA) is in place. For assistance creating an NDA, contact Legal Services.
Internal information can be archived or be disposed in the recycling bin according to Records Management Guidelines.
Internal information should be archived or deleted from workstations or devices according to Records Management Guidelines.