Data Classification For Your Research Data (BETA version): Risk Calculation

Security risks for data collected and used in a project can vary depending on the form and nature of the individual data assets. Data assets are the elements/parts of the data collection and they can transform during the research: from raw data, to processed data, and analysed / archived data. Data assets can involve both physical and digital formats: (paper) consent forms, video data, physical measurements, etc. It is recommended that a researcher uses this tool to establish the data classification for all data assets. The data classification involves 4 risk levels: availability, integrity, confidentiality and privacy.

Important reminder: if you fill out fields and mark options in this digital form, they are NOT automatically preserved. You need to print this form to preserve the filled-out form! A printed data classification form is very useful when discussing your project with a Privacy Champion or when discussing security issues with IT for Research. In some cases it is a requirement when discussing your project requirements.

Name of the Project

Data Asset

(How to Define Data Assets) Max 350 characters

Do you collect data from human subjects?


Availability Risk Assessment

Overall Risk: not defined yet

Overall Availability Risk:

How readily do your data need to be available to you or your research team?



Additional information:

Max 1050 characters

How long would data need to be unavailable for your research project to suffer serious harm (i.e. not just minor inconveniences)?

Examples of harm include:

  • inability to move forward with the research project;
  • inability to provide data to a third party or grant provider;
  • breach of contract/legal requirements, such as contractual or legal requirements to share data;
  • reputational damage to the researcher(s) and the VU, e.g. inability to provide data upon request can lead to retraction of research articles;
  • inability of temporary staff, such as PhD candidates, to complete work in timely manner, which could damage their professional development;
  • financial costs due to delays



Additional information:

Max 1050 characters

Are there specific situations where access to the data absolutely MUST NOT be lost? (e.g. during long computations or during scheduled batch processing)


Additional information:

Max 1050 characters

How severely would the research project be harmed if the data are lost? Consider the worst possible scenario, i.e. at the start of data collection, data loss may not be a major issue, but loss of the data is most definitely an issue once data collection is complete.




Additional information:

Max 1050 characters

How long will the data need to be stored and maintained?


Additional information:

Max 1050 characters

Integrity Risk Assessment

Overall Risk: not defined yet

Overall Integrity Risk:

Do multiple users need to be able to access, utilize and/or edit the data simultaneously, thereby increasing the risk of data corruption and/or unauthorized changes?



Additional information:

Max 1050 characters

Have measures to account for data entry error, data cleaning, measurement error, bias and so forth already been addressed in your data management plan and/or research proposal?



Additional information:

Max 1050 characters

How severe would the impact on your research be if data become corrupted during storage or unauthorized changes are made to the data after collection?

Examples of harm include:

  • incorrect research conclusions that result in retractions of published articles, reputational damage and/or erroneous influence on public policy and future research;
  • financial impact and delay of completion of the research project due to time required to correct the corruption or unauthorized changes.


Additional information:

Max 1050 characters

Confidentiality Risk Assessment

Overall Risk: not defined yet

Overall Confidentiality Risk:

Note that confidentiality risks relate to your and your research team's obligations to keep your data confidential. This applies whether or not you are working with data from human subjects and may relate to legal, ethical and/or contractual obligations.

If the data in question are not kept confidential, how severely would the VU’s reputation be harmed?

Examples of reputational harm include:

  • loss of public trust;
  • loss of trust from external partners; damage to third party relationships;
  • reputational damage to individual researchers.


Additional information:

Max 1050 characters

If the data in question are not kept confidential, how severe would the legal and/or contractual liabilities be for the VU (e.g. fines, legal action by third party partners)?



Additional information:

Max 1050 characters

Privacy Risk Assessment

Overall Risk: not defined yet

Overall Privacy Risk:

How would you describe your participants (multiple answers possible)?




Is the nature of the research something where pregnant women may be judged on their behaviours/health-status, e.g. smoking during pregnancy?

Which of the following best describes the data you are collecting (multiple answers possible)?




What kind of health-related/physical data will be collected (multiple answers possible)?

What kind of experimental data will be collected (multiple answers possible)?

Are audiovisual recordings made of the observation?




Could topics addressed in the questionnaire be considered sensitive (i.e. if a person’s answers were made known to others, could it harm the individual)?



Does the questionnaire collect special types of data (health-related, race/ethnicity, religion/philosophies, sexual preferences, criminal history, union memberships, political opinions) or socio-economic information?

NB: This question can be answered as “no/recoded above” if this information has already been recorded above



Are there open text fields in the questionnaire?




Is the interview recorded on an audiovisual medium?


Would it be possible to infer sensitive information (such as sexual preferences, religion, health status, political opinions, criminal activity) about an individual by combining the research data with publicly available data, or by combining variables within the dataset(s) to find unique individuals, or through attribute disclosure (e.g. if a subset of participants with the same characteristics all have the same sensitive condition, such as HIV, it can be inferred that all participants in the dataset with those characteristics have HIV)?


If the data in question are leaked to the public, could this have a negative impact on the participant(s) (e.g. physical, mental, social or financial harm)?


Additional information:

Max 1050 characters