
User Class and Asset

In document 16-00707 (pages 29-32)

5 Simplifications and Specifications

5.3 User Class and Asset

The user groups that would be likely to utilise the Piql system for their archival needs have been defined into groupings. It is first necessary to briefly specify what type of information the Piql Preservation Services would be storing. It is not meant for keeping information which one needs access to on a regular basis and which must be backed up regularly as new information is added continuously. Once this sort of information has been stored in internal archives for a period of about 5 years, it no longer needs to be part of the so-called active archive [23 § 3-12]. At this point, if the information is of such importance that the data owner wishes to preserve it, they can utilise the Piql Preservation Services.

As our working perspective in the report is user-oriented, the user group classification needs to be as accurate as possible, yet it is one of the most challenging ones to define. The Piql Preservation Services is available to any entity in any sector or industry in the world in possession of critical data requiring archiving and long-term preservation. This includes the vast majority of all enterprises or bodies functioning in modern society, both private and public.

Attempting to make a complete list of all these entities is near impossible. So, we have made a highly overarching classification of the user classes utilised in the scenario development. The groupings are based on the type of information, or asset, a given user would need stored and protected and the corresponding value, or degree of sensitivity, of that information. Defined in very broad terms, the user class is divided into the business or public sectors, storing sensitive or non-sensitive information. A new potential Piql partner can quite easily locate the user class within which it belongs, and thus gain a generic understanding of which risks apply to their organisation and which corresponding security measures should be put in place.

The level of sensitivity of the information is further divided into sub-categories. A measure of sensitivity is how critical its loss would be. The degree of sensitivity can vary greatly depending on how important the information is from one situation to another, from one period of time to another, and sensitivity is also often a matter of subjective judgement. As a frame of reference, we have chosen to use Norwegian legislation detailing which rules and regulations apply to different levels of sensitive information. Similar legislation can be found specifically for other nations. For the purposes of this report, the levels of sensitivity are divided into five groupings, outlined in table 5.2 below.

Sensitivity level | Description
Public highly sensitive | Classified or confidential information, as specified by national acts on protective security services [18].
Public sensitive I | Information exempt from public consumption, as specified by national regulations governing access to documents in the public administration [24].
Public sensitive II | Proprietary information, as specified by national regulations governing the management of information in need of protection for other reasons than those mentioned in the national act on protective security services, including regulations [25].
Business sensitive | Business confidential or proprietary information, as specified by the individual enterprise.
Public sensitive and business sensitive | Personal data, as specified by national acts regulating the processing of personal data [26].

Table 5.2 The classifications of sensitive information

Information that falls within the category non-sensitive is kept separate from the overview in table 5.2, as it solely depicts the various degrees of sensitivity of information which has already been deemed sensitive. Most of the digital information generated today is non-sensitive, and this category will undoubtedly comprise most of the information which is stored with the Piql Preservation Services. This is not to say that this information is not valuable and in need of long-term preservation: it is simply not sensitive, understood as information that does not need to be withheld from the public. Non-sensitive information can certainly be valuable, such as the very high value cultural artefacts have to a society. Preserving the cultural heritage of a society is vital to uphold and safeguard the collective memories of what defines that society. Important historical documents, for instance, serve that function, and are thus highly valuable, and in need of sophisticated protection, yet they cannot be characterised as sensitive.

Now that the sensitivity of the information is more clearly outlined, it is possible to present a schematic overview of the user class, defined by the asset and the corresponding sensitivity, and therefore value, of that asset. Additionally, we give examples of the specific user groups which comprise a user class, shown in table 5.3.

User class | Level of sensitivity | User group | Asset
Business | Non-sensitive | Non-sensitive | Media – Entertainment, TV, film, newspapers. | Entire stock of past releases.
Manufacturing – Machinery/equipment; Industry – Energy and utilities; Oil/gas; Chemical; Mining; Hydraulic power; R&D and production. | Trade secrets, possible threats to national interests. Contracts, deals, strategy papers, correspondence, financial data, product plans.
Personal data | Any registered enterprise which employs staff. | Employee records containing personal information.
for future preservation. Used both for future research and a continuation of tradition/values. Cultural monuments.
Public services – Social services; Public schools and universities; Health services;
Legal – The judiciary, courts of law. | Law books, acts, statutes, verdict and settlement collection, legal treatises.
Public | Sensitive | Personal data | Public registry of personal data – Social services; Universities; Finance/Insurance; Health services; Fire department; Police department, criminal records. | Documents relating to casework. Personal data.
Proprietary information | Government administration – Government bodies; National archives and libraries. | Government records, central administration management, correspondence. Classified information. Internal case documents.
Exempt from public consumption | Government administration – Government bodies; National archives and libraries. | Government records, central administration management, correspondence. Classified information. Internal case documents.
Classified, confidential | Defence and Intelligence – Military bodies and archives; Intelligence and security bodies and archives; Research establishments; Suppliers. | Classified information.

Table 5.3 The user classes and corresponding assets used in the scenario development
