Purpose

To provide the basis for protecting the confidentiality of data at Scoreplay by establishing a data classification system. Further policies and standards will specify handling requirements for data based on their classification.

Scope

This standard applies to all data or information that is created, collected, stored or processed by Scoreplay, in electronic or non-electronic formats.

Policy

All data at Scoreplay shall be assigned one of the following classifications. Collections of diverse information should be classified as to the most secure classification level of an individual information component with the aggregated information.

1. Restricted: Data in any format collected, developed, maintained or managed by or on behalf of clubs, or within the scope of activities, that are subject to specific protections under local law or regulations or under applicable contracts. Examples include, but are not limited to player information, staff credentials.
2. Sensitive: Data whose loss or unauthorized disclosure would impair the functions of the club, cause significant financial or reputational loss or lead to likely legal liability. Examples include, but are not limited to media files uploaded, player images, sponsor logos.
3. Open: Data that does not fall into any of the other information classifications. This data may be made generally available without specific information owner’s designee or delegate approval. Examples include, but are not limited to advertisements, job opening announcements, regulations and policies and press releases.

Responsibilities

1. Data owners are responsible for appropriately classifying data.
2. Data custodians are responsible for labeling data with the appropriate classification and applying required and suggested safeguards.
3. Data users are responsible for complying with data use requirements.
4. Data users are responsible for immediately referring requests for public records to the CTO of Scoreplay.