Data classification in brief

Data classifying and handling at Tampere Universities

The requirement to classify and appropriately handle data applies to all the activities undertaken by the University, such as teaching education, research, the procurement of services and systems, project management, HR management, employment contracts, staff training and enterprise architecture.

Data must be classified as public, internal, confidential or restricted, and whether the document contains personal data. These categories are based on the severity of the risk of unauthorised disclosure. In addition, when processing documents that fall under the scope of the Finnish Act on the Openness of Government Activities or other legislation, you must adhere to the applicable requirements and regulations. The University’s records management plan governs the processing of these documents.

Implementation of data classification

During the spring of 2025, the common national data classification model for the higher education sector was implemented within our university community for the staff and individuals with extended resource agreements. Initially, the data classification will only apply to data and documents created and processed using Microsoft's 365 tools. This means that existing data in various sources will not be included in the classification at the initial stage.

Students do not have available the classification tool in Microsoft Office, so they are unable to label documents according to the data classification model. Nevertheless, they must be able to handle and share documents appropriately, taking into account the content of the document and any applicable classification.

The data classification model and tools being implemented will enable the safe utilization of AI technology with Microsoft's AI tools, while also considering legal requirements and obligations.

The supported applications are the following Microsoft 365 applications, which can be used to classify files and data: Word, PowerPoint, Outlook, Excel, PDF Xchange. New applications will be introduced later if necessary.

Data classification categories in use

Secret (1R)	Secret or special information that can only be viewed and handled by specifically named and trained individuals. For example, special personal information, health and salary-related information, information related to the university's readiness and security.
Strictly confidential (2A)	Information that contractually or legally requires special protection. Information can be viewed and handled by individuals who have the right to handle this information due to their duties. For example, information defined as secret by the Publicity Act, personal identification numbers, information about minors, payment information.
Confidential (3Y)	The default classification for all created and handled information within the organization. The classification can be changed on a document-by-document basis. Information can be viewed and handled by individuals belonging to a defined group. For example, documents in preparation, projects, incomplete study records, basic personal information (name, address, phone number).
Internal (4G)	Information can be viewed by anyone with a TUNI ID (staff & students). For example, information published on the intranet, internal announcements, teaching materials created and acquired for internal use.
Open (5W)	There are no restrictions on viewing the information. However, copyright must be considered. For example, public announcements, instructions, documents, publications, course information.
Private	Personal material for the individual's own use only. Viewing and handling rights defined by the individual.

Published: 28.4.2025

Updated: 26.9.2025

Print this page