28

FFI-RAPPORT 16/00707

protected and the corresponding value, or degree of sensitivity, of that information. Defined in

very broad terms, the user class is divided into the business or public sectors, storing sensitive

or non-sensitive information. A new potential Piql partner can quite easily locate the user class

within which it belongs, and thus gain a generic understanding of which risks apply to their

organisation and which corresponding security measures should be put in place.

The level of sensitivity of the information is further divided into sub-categories. A measure of

sensitivity is how critical its loss would be. The degree of sensitivity can vary greatly depending

on how important the information is from one situation to another, from one period of time to

another, and sensitivity is also often a matter of subjective judgement. As a frame of reference,

we have chosen to use Norwegian legislation detailing which rules and regulations apply to

different levels of sensitive information. Similar legislation can be found specifically for other

nations. For the purposes of this report, the levels of sensitivity are divided into five groupings,

outlined in table 5.2 below.

Sensitivity level

Description

Public highly sensitive

Classified or confidential information, as specified by national acts on

protective security services [18].

Public sensitive I

Information exempt for public consumption, as specified by national

regulations governing access to documents in the public administration

[24].

Public sensitive II

Proprietary information, as specified by national regulations governing the

management of information in need of protection for other reasons than

those mentioned in the national act on protective security services,

including regulations [25].

Business sensitive

Business confidential or proprietary information, as specified by the

individual enterprise.

Public sensitive and

business sensitive

Personal data, as specified by national acts regulating the processing of

personal data [26].

Table 5.2

The classifications of sensitive information

Information that falls within the category non-sensitive is kept separate from the overview in

table 5.2, as it solely depicts the various degrees of sensitivity of information which has already

been deemed sensitive. Most of the digital information generated today is non-sensitive, and this

category will undoubtedly comprise most of the information which is stored with the Piql

Preservation Services. It is not to say that this information is not valuable and in need of long-

term preservation: it is simply not sensitive, understood as information not needed to be

withheld from the public. Non-sensitive information can certainly be valuable, such as the very

high value cultural artefacts have to a society. Preserving the cultural heritage of a society is