Understand how confidential your business files are

This self-assessment tool helps you start a conversation on privacy awareness and take better care of your confidential files

Please select your department and the types of work documents you are dealing with

Your department

General

Please select the general business documents you are handling

HR

If you do HR-related work, please select the files about employees you are handling

Health

If you work in the health sector, please select the files about patients you are handling


Tresorit does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, or any other action related to the maintenance of the list. The results of the self-assessment tool follow recommendations based on the German industry norm DIN 66399 and internal guidelines of the LSE. Please consult a local data protection professional to assess the specific data protection requirements of your country and industry. Sources: Berlin Commissioner for Data Security and Freedom of Information, TÜV Süd and Information Security Manager of the LSE.

Once you have submitted your responses, they will be stored anonymously in a secure database for reporting purposes only. We will neither link your responses to any metadata such as your IP address nor be able to identify individuals based on their responses.

Check your results and learn what you can do

This summary of your results can help you start a conversation on privacy awareness and taking better care of the confidential files in your organization

Result: You are handling data of
critical confidentiality

  • very confidential
  • restricted
  • internal use
  • public

You are handling some documents that concern the privacy of individuals or might have value for your organization. Most of the information is already publicly available or suitable for company-wide internal use. However, a breach or premature release of this data can make information public that could affect your business plans or cause discomfort for your employees. Below, you can check some security best practices and easy-to-use features of online services which can help you to protect your data.

You are handling several documents that seriously concern the privacy of individuals or the operations of your business. Data breaches could result in negative publicity but are unlikely to cause severe financial or reputational damage. However, the disclosure of personal information may affect the emotional and economic wellbeing of your employees, clients or patients. Please consult a local data protection professional about the specific privacy requirements in your country and industry. You can also check below which documents to protect first and learn about useful features of online services that can help you to protect your files.

You are dealing with various documents that concern the privacy of individuals or might have significant value for your organization. Data breaches could result in severe damage to your organization, partners, employees, patients or clients. If you have not done so already, please consult a data protection professional about the specific privacy regulations in your country and industry. You can also check below which documents have the highest priority and learn about best practices and advanced security features that can help you to protect your data and business.

Level 3 – Very confidential

What are the risks?

Documents and files of this type require your full attention, and many countries punish careless handling of this data with high fines and penalties. Very confidential data could contain the most private information of your staff members, patients or clients, and failing to secure it could cause severe damage to their lives or personal freedom. Even where no personal data is included, these documents may still contain critical business information of significant value for the company and its future. A breach could cause you to lose partners or funding.

What can you do?

Carefully review who needs to have access to this information ("Need-to-Know Policy") and do everything you can to protect its integrity. Also, check whether the service providers you use to store or share data comply with the legal requirements for these special documents. Don't leave unprotected copies of these files on your desk and access them only from secure access points. Ensure the whole lifecycle is protected: make sure you can wipe a device that gets stolen or revoke all access rights of a team member when they leave the organization. Read how Zero-Knowledge, DRM and fall-back plans can help you »

Level 2 – Restricted

What are the risks?

Most of the documents that fall into this category are only relevant for the daily operations of specific departments. Access can be limited to a smaller group of people who need it for their work. A breach may lead to negative publicity and loss of trust in your company which could affect the financial success of your business. Unwanted disclosure of personal information included in these documents can have a serious impact on the economic or personal well-being of your staff or clients.

What can you do?

Aside from the basic protection applied to information for internal use (encryption and protected logins), advanced measures are required to control and limit access to files deemed Restricted. Make sure only the people who need these files for their work have access to them. Tiered permission controls can help you choose which teams can handle certain files and include additional protection such as IP blocking to restrict access from outside the organization (even with stolen login credentials). It is recommended to systematically introduce best practices such as the "Principle of Least Privilege" and use business services that foster "Privacy by Design". It is strongly recommended to consult a data security officer to help define who in your organization needs access to what and which legal frameworks in your country need to be considered. Learn more about best practices and ways to restrict file access »

Level 1 – Internal use

What are the risks?

Information suitable for internal use can normally be disclosed to all members of the organization without any restrictions. However, public access to this type of information could affect your business plans or give competitors insights into your company's processes. A breach of personal information may affect the social or economic status of the person. The expected damage is limited in both cases and can usually be undone. Avoiding this is preferable.

What can you do?

Since anyone in your organization can have access to this type of data, everyone needs secure connections to the internal platforms and communication channels. Encryption of data transfers and stored documents, as well as protecting login credentials with strong passwords and 2-step verification, are the default security measures recommended for any business data. If you need to share documents of this type with external partners, you can use protected download links. Learn more about encryption, account protection and secure sharing »

Level 0 – Public

What are the risks?

Information that is already available in publications of your organization can be disclosed to any audience without restrictions. However, this is only valid from the perspective of confidentiality and does not imply that you can reuse or modify the information without the consent of the owner.

What can you do?

If you notice that previous publications contain information that this tool listed in a higher confidentiality class, it is recommended to take action and remove the information. You may also want to reassess which of your public business information could be abused to gain more sensitive data via phishing attacks. Read more about best practices »
