"Nevada's IT agency has rolled out a new policy aimed at standardizing the privacy of state data, months after a massive cyberattack crippled certain systems for weeks. The policy announced Wednesday from the Governor's Technology Office marks the first time the state will have clear-cut categories for data sensitivity. Officials said this will allow agencies to go beyond simply denoting something as "sensitive" or "personal" and will ensure private data is not treated the same as public information."
"Data will now be classified as one of four categories: "public," "sensitive," "confidential" or "restricted." It is up to individual agencies to determine the proper category, and if the classification is unclear, the data must be put in the more restrictive category. Under Nevada's public records law, information is by default a public record unless specific confidentiality provisions apply. The policy said it does not change what is considered a public record."
Nevada's Governor's Technology Office established a four-tier data classification framework—public, sensitive, confidential, restricted—to standardize protection and handling of state data. Agencies must assign data to the appropriate category, and unclear cases must default to the more restrictive classification. Agency leaders are accountable for compliance while designated data officials make classification determinations; noncompliance may trigger remediation actions or escalation. The framework does not alter the state's public records law or what constitutes a public record. The classification scheme aims to prevent private data from being treated as public and to reduce uncertainty when agencies exchange information following a major cyberattack.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]