RDIM Terminology Sensitive Data Classifying and Managing Sensitive Research Data at JCU
Classifying and Managing Sensitive Research Data at JCU
- Future Students
- JCU Global Experience
- International Students
- Student experience
- Open Day
- How to apply
- Pathways to university
- Living on Campus
- Courses
- Publications
- Mature students
- Scholarships
- Entry options
- JCU Families
- JCU Heroes Programs
- Aboriginal and Torres Strait Islander in Marine Science
- Elite Athletes
- Defence
- Capability.Co
- AI@JCU
- AALL
- Current Students
- Student Ambassador Program
- New students
- JCU Orientation
- LearnJCU
- Placements
- EDQS
- Unicare Centre and Unicampus Kids
- Graduation
- Off-Campus Students
- JCU Job Ready
- Safety and Wellbeing
- JCU Prizes
- Professional Experience Placement
- Employability Edge
- Art of Academic Writing
- Art of Academic Editing
- Careers and Employability
- Health, Wellbeing and Belonging
- Career Ready Plan
- Careers at JCU
- Partners and Community
- School Outreach and Widening Participation
- Alumni
- International partnerships
- About JCU
- Reputation and Experience
- Chancellery
- Governance
- Celebrating 50 Years
- Academy
- Indigenous Engagement
- Education Division
- Research festival
- Graduate Research School
- Research Division
- Research and Innovation Services
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- College of Medicine and Dentistry
- College of Science and Engineering
- MPE
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Rural Remote and Tropical Health Systems
- Agriculture Technology and Adoption Centre (AgTAC)
- Advanced Analytical Centre
- AMHHEC
- Aquaculture Solutions
- AMHRA
- JCU Digital Wellbeing Group
- ARCSTA
- Lions Marine Research Trust
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- Clinical Psychedelic Research Lab
- Centre for Tropical Biosecurity
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- Centre for Disaster Solutions
- CSTFA
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Fletcherview
- JCU Eduquarium
- JCU Turtle Health Research
- MARFU
- Orpheus
- TESS
- JCU Ideas Lab
- CADSI
- CNL
- TARL
- eResearch
- Indigenous Education and Research Centre
- Past Course and Subject Handbooks
- Estate
- Work Health and Safety
- Staff
- Discover Nature at JCU
- Cyber Security Hub
- Association of Australian University Secretaries
- Services Division
- Environmental Research Complex [ERC]
- Foundation for Australian Literary Studies
- Gender Equity at JCU
- Give to JCU
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Lab
- IT Services
- JCU Webinars
- JCU Events
- JCU Motorsports
- JCU Sport
- Library
- Mabo Decision: 30 years on
- Marine Geophysics Laboratory
- Office of the Vice Chancellor and President
- Outstanding Alumni
- Policy
- PAHL
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
-
RDIM
- Introduction
- RDIM Overview
- My Responsibilities
- Research Data JCU Platform
- Step 1 - Plan
- Step 2 - Manage
- Step 3 - Archive
- Step 4 - Publish
- Step 5 - Reuse
- Step 6 - Review
- Step 7 - Dispose
-
Terminology
- Access Conditions (Open, Conditional, Restricted)
- Active Data
- Active Storage and Collaboration Options
- Citations
- Collaborator
- Completed Data
- Conditional Access
- Confidentiality
- Consent
- Contracts
- Copyright
- Creative Commons Licence
- Creative Commons Zero (CC0)
- Custodian
- Custodianship
- Data
- Data Creator
- Data Custodian
- Data Manager
- Digital Object Identifier (DOI)
- Data Package
- Data Papers
- Data Publication
- Data Record
- Data Repositories
- Data Retention
- Data Storage - Active Data or Working Data
- Data Storage - Completed Data
- Data Visualisation
- Data Wrangling (Cleaning)
- De-identifying Data
- Digital Object Identifier (DOI)
- DIKW Model
- Documentation
- DOI Minting Services
- Embargo
- Ethics and Ethical Clearance
- FAIR Data Principles
- File Formats
- File Names
- Folder Structures
- HDR Candidate
- Information
- Intellectual Property
- JCU Researcher
- Lead Investigator
- Licensing Data
- Moral Rights
- Open Access
- Primary Advisor
- Primary Materials
- Privacy and Personal Information
- Repositories
- Research Data
- Research (Data and Information) Asset
- Research (Data and Information) Asset Lifecycle
- Research Data JCU Platform
- Research Data Management Plan (RDMP)
- Research Information
- Research Project
- Restricted Access
- Retention
- Retention Rules for Specific Data Types
- Sensitive Data
- Storage
- Supporting Documents
- Triangulation, Data Linkage and Integrating Authorities
- Version Control
- Working Data
- Wrangling (Cleaning) Data
- Frequently Asked Questions
- Information Sheets
- Training Videos
- Site Map
- Contact Us
- Researcher Development Portal
- Roderick Centre for Australian Literature and Creative Writing
- Contextual Science for Tropical Coastal Ecosystems
- State of the Tropics
- Strategic Procurement
- Student profiles
- SWIRLnet
- TREAD
- TropEco for Staff and Students
- TUDLab
- VAVS Home
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- JCU Respect
- Pay review
- Research
JCU uses a risk-based sensitivity classification to help researchers understand the levels of sensitivity associated with their data.
The classification is completed within the Research Data Management Plan (RDMP), where self-assessment questions guide you through identifying relevant sensitivities and what they may mean for data handling, storage and access. This supports safe, ethical, and culturally respectful research practice.
Data is classified according to the potential impact if it were compromised through accidental or unauthorised access, loss, misuse, or disclosure. Clear classification helps protect individuals, communities, the University, and external partners.
What is sensitive data?
Data is considered sensitive if it can be used to identify an individual, species, object, or location in a way that introduces a risk of discrimination, harm, cultural harm, or unwanted attention.
Examples include:
- Identifiable or re-identifiable personal or health data
- Culturally sensitive data
- Ecological data (e.g., locations of rare or endangered species)
- Security-sensitive data
- Commercially valuable data with commercialisation potential.
Using the classification
Sensitive data is often subject to legal, ethical, cultural, regulatory, and commercial requirements that shape how it can be accessed, handled, stored, and shared.
The sensitivity classification questions in the Research Data Management Plan (RDMP) help you:
- identify whether your data is sensitive
- understand what the level of sensitivity means for data handling, storage and access
- recognize when additional advice, controls, or approvals may be needed.
đ You can—and should—select multiple categories if your data falls into more than one area.
This ensures a complete assessment and supports appropriate data handling throughout the project.
How to interpret classification guidance
The sensitivity classification helps you identify considerations for data handling, storage, and access based on risk.
It does not automatically assign specific systems or storage locations.
Within each classification, there may still be variation in risk — and this should be considered when determining appropriate storage, access controls, and handling.
Decisions about where and how data is stored depend on project context and may involve ethics approvals, consent conditions, Indigenous governance requirements, contractual obligations, the application of appropriate security and access controls, or the availability of suitable institutional infrastructure.
This guidance supports informed, proportionate decision-making — it does not replace governance processes, expert advice, or researcher responsibility.
âšī¸ Culturally sensitive data
Indigenous and cultural knowledge cannot be treated as just another “risk category.” Cultural data sensitivity is deeply connected to research practice, relationships, custodial authority, and community expectations.
While the sensitivity classification uses a risk-based framework, the tool also incorporates considerations such as custodial authority, community consent, and culturally appropriate access controls (including tiered access where determined by communities). These inclusions support researchers in thinking more carefully about cultural data, while recognising that cultural protocols and decisions sit beyond what any classification tool can fully capture.
Culturally sensitive data is ultimately guided by Indigenous-led governance, custodial guidance, and community decision-making about how knowledge may be used, handled, accessed, and shared. Cultural protocols are community-driven, context-specific, and dynamic, and they may require specific permissions, restrictions, or community-led management pathways.
Formal Indigenous data protocols are being developed by the Indigenous Education and Research Centre (IERC), and these will guide future refinements to the classification and strengthen alignment with Indigenous data governance principles.
A separate Case Study on Collecting Plant Materials for Biodiscovery outlines how cultural sensitivity, legislation, ethical frameworks, and practical data handling come together in research practice.
Sensitivity levels
| Research Data Classification | Risk | Access and Handling | Examples |
|---|---|---|---|
| Official (Public) | Compromise would have little or no impact. | Data is eligible for public release. |
|
| Official (Internal) | Compromise unlikely to cause harm. | Internal or limited access (e.g., includes external research collaborators under controlled conditions) based on general academic, research or business need. |
|
| Sensitive |
Compromise could breach ethical, legal, commercial or regulatory obligations. Adverse impact is likely. | Authorised access only, based strictly on academic, research or business need. |
|
| Protected |
Compromise would breach ethical, legal, commercial or regulatory obligations. Serious adverse impact expected. | Highly restricted access, may be subject to regulatory controls. |
|
This table provides a high-level overview of JCU’s sensitivity levels. It is designed as a quick reference to accompany the RDMP questions.
Policy alignment
This classification is directly aligned with JCU’s Information Classification Policy and complements JCU’s broader research integrity, ethics, and data governance frameworks.