The NSW Government receives, uses, and manages information on behalf of the NSW public, other agencies, states and territories and the Commonwealth Government as part of normal business processes. Any compromise of this information could result in harm to individuals, organisations, or government and therefore it is important to protect it.
The NSW Information Classification, Labelling and Handling Guidelines detail how the NSW Government can correctly assess the sensitivity or security classification of information, and adopt appropriate labelling, storage, and disposal arrangements.
Protective markings detailed in the Guidelines are an easily recognisable way for information users and systems to identify the level of protection the information requires.
Who are the Guidelines for?
The Guidelines apply to the NSW Government sector, which includes all Public Service Agencies. The Guidelines are intended to be used by agency staff in roles that:
- receive, create, or edit information
- develop systems to collect, manage, and store information
- administer information and control user access
- protect information from misuse or access by unauthorised users.
The Guidelines are recommended for adoption in State Owned Corporations, as well as local councils and universities.
They apply to information in any format, both physical and digital.
What was the previous guidance?
These Guidelines supersede the NSW Government Information Classification, Labelling and Handling Guidelines (2020). Existing Dissemination Limiting Markers (DLMs) have been continued from the 2015 Guidelines at the request of NSW agencies, with some minor variations.
What are the levels of sensitivity?
A business impact levels (BIL) tool has been developed to help assess sensitive and security classified information, and a decision-making tool in the Guidelines assists in determining which, if any, DLM to apply.
- UNOFFICIAL - this information is not work related, such as a personal email
- OFFICIAL - this information is related to an agency’s business, but does not have security or sensitivity issues
- Sensitive information, if compromised, may cause limited damage to individuals, organisations, or government, and requires additional care in handling. While the Australian Government uses one DLM (OFFICIAL: Sensitive), in NSW we use six:
- We also use a caveat, NATIONAL CABINET, which is used to protect national cabinet documents. It can be used in conjunction with a DLM and with a security classification.
- Finally, there are three security classifications, which align with the Australian Government’s Protective Security Policy Framework 2018 (PSPF), to enable information to be more readily shared between NSW Government agencies and the Australian Government:
Where can I find out more?
The Guidelines will continue to be updated as needed to reflect changing requirements for information security. Each agency will develop their own agency-specific policies and procedures for implementing them. For further information, reach out to Data.NSW.