Information Services Division


Understand 'highly confidential' information

If you have read and understood UCL's information classification scheme but you are still unsure about what 'highly confidential' means, this guidance may be helpful.

UCL defines three classifications of information for confidentiality purposes: public, confidential and highly confidential. The Information Management Policy informs users what is expected of these classifications of information from staff and other users.

If information is held which relates to any of the special categories of personal data defined under the General Data Protection Regulation (2016), then the information will be highly confidential under UCL's classification scheme but what if users are unsure of whether the information is 'special category'?

Under some circumstances, users may collect information in a medical context and this may still not be defined as special category, for example:

a) when carrying out interviews with medical professionals or NHS staff where there is no requirement or likelihood of disclosing details about patients or people in their care, e.g. in the qualitative evaluation of care services

b) when carrying out experiments which measure ordinary human responses to a given stimulus and participants have not been selected on special category grounds (though special category personal data may arise easily from such experiments)

It may be that information of these sorts can be classed as 'confidential' as opposed to 'highly confidential' under the UCL classification scheme. However, users should consider this very carefully before assigning a lower classification. Support is available through infogov@ucl.ac.uk and through the UCL Data Protection Office.

Is a name highly confidential?

Names and other publicly accessible identifiers in the context of medical research, for example, will be highly confidential because these will be associated with other information such as the study name, or the folder name where they are saved. In theory, a name is not highly confidential, but in practice the context will always be visible where names are kept. If you can use your UCL login to access both a) names of people and b) their special category information, then their name and special category information are no more secure or removed from each other than your login itself.

Why else might information be highly confidential?

Some forms of research rely on secondary data sets from sources outside of UCL. In those circumstances, there will be a requirement to handle those data sets in a confidential, and potentially highly confidential, manner depending on what the source deems to be highly confidential. In practice, the assurances that users provide to external organisations will form the basis of an agreement and a contract is highly likely to underpin this. Those assurances may be difficult to support unless the information is treated as highly confidential within UCL.