Sensitive information
The NSW Government collects, stores and manages sensitive information as part of normal business processes. Sensitive information includes:
- personal information
- health information
- information which could be subject to legal privilege
- commercial-in-confidence information
- law enforcement information
- NSW Cabinet information
Examples of sensitive information are an individual's personal details, credit information, medical records, driver licence information, criminal records and biometric information.
Compromise of this information's confidentiality may result in limited damage to an individual, an organisation or government generally, so it requires additional care in handling. Compromise could result in fraudulent use of an individual's personal information, financial loss to the agency or the individuals affected, or reputational damage and loss of public trust in the agency responsible for the safekeeping of the information.
Collection, storage, use and disposal of different types of sensitive information is governed by different legislation and requires different access and dissemination rules. To make these differences clear, NSW Government uses dissemination limiting markers (DLMs) that must be applied to sensitive information. Most DLMs can be used on their own, or in conjunction with a security classification.
Labelling sensitive information
Apply text-based DLM labels, prefixed with OFFICIAL: Sensitive, to documents (including emails):
It is recommended that text markings be in capitals, bold text, large fonts and distinctive colours (red preferred) and located at the centre top and centre bottom of each page. If text-based markings cannot be used, use colour-based markings. For NSW DLMs a yellow colour is recommended. If text or colour-based protective markings cannot be used, apply the agency’s marking scheme.
When marking individual paragraphs, abbreviations can be used. The Australian Government DLM OFFICIAL: Sensitive can be abbreviated to (O:S).
Hard copy and electronic records:
The label on a file cover or container must be at least equal to the label on the most sensitive item within the file or container. Labels need to be shown on all types of documents, reports and media.
Electronic and other documents should include their sensitivity label in their metadata.
Digital and data:
Sensitivity and security labelling of digital information should be applied and communicated to the users of the systems. Sensitivity labelling can be shown in metadata fields within programs, in data dictionaries and system documentation.
Some systems may not have the functionality to include sensitivity or security classification labelling. In this case, an induction or communication program should be run with staff using the system, including third party users, to ensure they understand the sensitivity of the information they have access to.
What if my information falls under two labels?
Two labels are not required; the decision-making tool (Figure 5) has been designed to help determine which label to use. Most health information contains information about health as well as personal information, and this should be labelled as OFFICIAL: Sensitive - Health Information.
In a situation where a document has multiple types of information, or information that fits more than one DLM or security classification, the document must be labelled and/or classified as per the information of the highest level of sensitivity within that document.
Who applies the label?
The person responsible for preparing the information is responsible for assessing the information and labelling it according to these guidelines.
NSW agencies are likely to manage sensitive information that has historically not been labelled. Sensitive information in use must be labelled. NSW agencies need to plan how to implement labelling across their organisation based on the risk and importance of the information; for example, more sensitive or confidential information should be labelled first.
Agencies are to advise all staff, including contractors, on the proper use of the information classification, labelling and handling guidelines. Agencies that are likely to handle sensitive information should have standard operating procedures to assist staff in labelling.
When are labels applied?
Labels should be applied when:
- the information is created. The originator is required to assess the consequences or damage from unauthorised compromise or misuse of the information. If adverse consequences from compromise of confidentiality could occur, or the agency is legally required to protect the information, the information must be labelled.
- information that is not already labelled is received from external sources. It should be assessed upon receipt and labelled according to its sensitivity or security requirements. Security classified information received from another government agency should be handled in accordance with these guidelines and the Protective Security Policy Framework (PSPF) as appropriate. Re-labelling of information received from another government agency is not necessary unless information has been added, edited or removed and its sensitivity or security classification has changed. This re-labelling should be done in consultation with that agency.
Agencies are not required to label UNOFFICIAL or OFFICIAL information. By default, unlabelled information will be handled as OFFICIAL. Agencies may determine their own policy for labelling OFFICIAL material, according to their operating requirements.
A NSW agency sending sensitive information to another government agency must label the information with a DLM so that the receiving agency will understand the sensitivity of the information.
The originator must ensure that information is classified and labelled prior to any use or sharing of the information. Information custodians are to provide appropriate classification and handling guidance to any third party requiring access to the information.
If you receive a document or record that is already labelled, the document or record needs to be handled according to this label. Re-labelling of documents is not required unless it is obvious that the document contains sensitive or confidential information that may be at risk of exposure. If a decision to re-label is made, contact the originator of the information, if possible, to inform them of the need to amend the label.
Where should the label be applied?
Once you have assessed the information and determined that it needs a DLM, you need to apply the label to the information. DLMs can be applied to information in any format and medium, including paper and digital.
The labels need to be at the top and bottom centre of documents, presentations, maps and media, so that they are visually prominent. Examples are provided below.
Email – agencies with Microsoft 365 may decide to set up automatic labelling of emails. Emails need to be marked in the subject line as well as at the top and bottom of the message. Email labelling is required for sensitive information and above even if automatic labelling has not been implemented.
Example email with labels in the subject line and at the top and bottom of the email
The Australian Government has developed an email protective marking standard for Australian government agencies to follow.
Documents – agencies are to insert a label in the header and footer of each document.
Example documents labelled in the header and footer
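Two of the rules above lend themselves to automated checks: a file or container takes the label of its most sensitive item (and a compound document is labelled at the highest level of sensitivity it contains), and a sensitive email must carry its marking in the subject line and at the top and bottom of the message. The following Python is an added example, not code from the NSW guideline or any agency tool. It assumes a simple ranking (unlabelled material handled as OFFICIAL, and OFFICIAL: Sensitive with its suffixed variants above that); security classifications are left out, and the sample email is constructed for the demonstration.

```python
"""Added example (not part of the NSW guideline): two checks a records or
mail-hygiene tool could run against the labelling rules described above."""

# The rank numbers are this example's own assumption: the guideline says
# unlabelled information is handled as OFFICIAL by default, and that
# OFFICIAL: Sensitive (including suffixed variants such as
# "OFFICIAL: Sensitive - Health Information") sits above it.
SENSITIVE_PREFIX = "OFFICIAL: Sensitive"


def canonical(label):
    """Return (rank, canonical text) for a label; None means unlabelled."""
    text = (label or "OFFICIAL").strip()
    upper = text.upper()
    if upper.startswith(SENSITIVE_PREFIX.upper()):
        return 2, text            # keep the variant suffix, if any
    if upper == "OFFICIAL":
        return 1, "OFFICIAL"
    if upper == "UNOFFICIAL":
        return 0, "UNOFFICIAL"
    raise ValueError(f"unrecognised label: {label!r}")


def container_label(item_labels):
    """Label for a file cover, container or compound document: at least equal
    to the most sensitive item inside it. If the top-ranked items carry
    different OFFICIAL: Sensitive variants, the choice belongs to the
    decision-making tool, so refuse to guess rather than pick one silently."""
    ranked = [canonical(label) for label in item_labels] or [(1, "OFFICIAL")]
    top = max(rank for rank, _ in ranked)
    candidates = {text for rank, text in ranked if rank == top}
    if len(candidates) == 1:
        return candidates.pop()
    raise ValueError(
        f"several DLMs at the highest level, resolve manually: {sorted(candidates)}"
    )


def email_marking_gaps(subject, body, marking=SENSITIVE_PREFIX):
    """Places where a sensitive email lacks its marking. The guideline wants
    the marking in the subject line and at the top and bottom of the message;
    an empty list means all three are present."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    needle = marking.upper()
    gaps = []
    if needle not in subject.upper():
        gaps.append("subject")
    if not lines or needle not in lines[0].upper():
        gaps.append("top")
    if not lines or needle not in lines[-1].upper():
        gaps.append("bottom")
    return gaps


# Constructed sample email used for the demonstration below.
SAMPLE_SUBJECT = "OFFICIAL: Sensitive - Draft report for review"
SAMPLE_BODY = """OFFICIAL: Sensitive

Hi team, the draft is attached for comment.

Regards,
A. Author

OFFICIAL: Sensitive
"""

if __name__ == "__main__":
    # A folder holding an unlabelled memo, an OFFICIAL note and a sensitive record.
    print(container_label([None, "OFFICIAL", "OFFICIAL: Sensitive"]))
    # The sample email above carries its marking in all three required places.
    print(email_marking_gaps(SAMPLE_SUBJECT, SAMPLE_BODY))
    # An unmarked reply shows exactly where the marking is missing.
    print(email_marking_gaps("Re: draft report", "Looks fine to me."))
```

`container_label` treats an absent label as OFFICIAL, matching the default handling rule for unlabelled information, and raises rather than choosing when two different OFFICIAL: Sensitive variants tie, because that decision is reserved for the decision-making tool.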
I think the label is wrong – what do I do?
The originator of the information is responsible for labelling the document and changing these labels. If the document appears to be labelled incorrectly the originator needs to be contacted and the information re-labelled. If the originator is not known, the information needs to be assessed using the business impact levels tool and labelled accordingly.
Last updated 16 Dec 2020