Data Classification Policy
Note: Vidovo, Inc is referred to as "Vidovo" throughout this document.
Purpose
This Data Classification Policy establishes guidelines for categorizing and protecting information assets based on their sensitivity and business value. This policy helps ensure appropriate security controls are applied to different types of data throughout its lifecycle.
Scope
This policy applies to all data created, processed, stored, or transmitted by Vidovo, including data handled by employees, contractors, and third-party service providers on behalf of Vidovo.
Data Classification Levels
Public Data
Information that is intended for public disclosure and can be shared openly without risk to Vidovo or its stakeholders.
Examples:
- Marketing materials and published content
- Public website information
- Press releases and public announcements
- General product information
Protection Requirements: Standard web security practices
Internal Data
Information intended for use within Vidovo that could cause minor harm if disclosed externally but does not contain sensitive personal or business information.
Examples:
- Internal policies and procedures
- General business communications
- Non-sensitive operational data
- Internal training materials
Protection Requirements: Access controls, secure transmission
Confidential Data
Sensitive information that could cause significant harm to Vidovo, customers, or partners if disclosed without authorization.
Examples:
- Customer personal information and contact details
- Business strategies and plans
- Financial information and reports
- Proprietary algorithms and technical specifications
- Contract terms and pricing information
- Employee personal information
Protection Requirements: Encryption, access controls, audit logging
Restricted Data
Highly sensitive information that could cause severe harm if disclosed and is subject to strict regulatory or legal requirements.
Examples:
- Payment card information (PCI data)
- Social security numbers and government IDs
- Authentication credentials and security keys
- Legal documents under attorney-client privilege
- Regulated personal data under privacy laws
Protection Requirements: Strong encryption, multi-factor authentication, strict access controls, comprehensive audit trails
Data Handling Requirements
Data in Transit
Vidovo implements encryption for data transmission:
- Confidential and Restricted Data: Must be encrypted using industry-standard protocols (TLS 1.2 or higher)
- Internal Data: Should be transmitted through secure channels when possible
- Public Data: Standard web security practices apply
Data at Rest
Vidovo implements encryption for stored data:
- Restricted Data: Must be encrypted using strong encryption standards
- Confidential Data: Should be encrypted using industry-standard encryption
- Internal Data: Basic security controls and access restrictions
- Public Data: Standard storage security practices
Access Controls
- Access to data is granted based on business need and the principle of least privilege
- Higher classification levels require additional authorization
- Access rights are reviewed periodically and revoked when no longer needed
- All access to Restricted data is logged and monitored
Data Lifecycle Management
Data Creation and Collection
- Data must be classified internally, at the time of creation or collection, by the person creating or collecting the data
- Appropriate security controls must be applied immediately
- Data collection must comply with applicable privacy laws and regulations
Data Retention
- Data is retained only as long as necessary for business or legal requirements
- Retention periods vary based on data classification and applicable regulations
Data Disposal
- Data disposal must render information unrecoverable
- Higher classification levels require more secure disposal methods
Third-Party Data Handling
When third-party services are used to process or store Vidovo data:
- Third parties must demonstrate adequate security controls
- Contracts must include appropriate data protection clauses
- Data classification requirements must be communicated to third parties
- Regular assessments of third-party security practices are conducted
Compliance and Monitoring
- Regular audits are conducted to ensure compliance with this policy
- Security incidents involving classified data are investigated and documented
- Policy violations are addressed through appropriate disciplinary measures
Limitations and Disclaimers
No Absolute Security
Important Notice: While Vidovo implements reasonable security measures based on data classification, no security system is completely impenetrable. Vidovo makes no guarantees regarding:
- The prevention of all unauthorized access or data breaches
- The effectiveness of encryption or security controls in all circumstances
- The complete accuracy of data classification by users or systems
- The security practices of third-party services or partners
We make no guarantees regarding the security of the data you store with us. This is an internal policy and is not a guarantee of security. Vidovo will not disclose the details of our data classification policy to anyone outside of Vidovo or its employees.
User Responsibility
Users are responsible for:
- Properly classifying data according to this policy
- Following appropriate handling procedures for each classification level
- Reporting suspected security incidents or policy violations
- Maintaining the confidentiality of access credentials
Third-Party Liability Disclaimer
Vidovo does not assume liability for the data handling practices, security measures, or data classification policies of third-party vendors, partners, or service providers. Users acknowledge that third-party services may have different security standards and data handling practices.
Policy Updates
This policy is reviewed and updated periodically to reflect changes in:
- Business requirements and data types
- Technology and security best practices
- Legal and regulatory requirements
- Lessons learned from security incidents
For questions about data classification or to report security concerns:
Vidovo
Email: contact@vidovo.com