High-risk data should be documented in the Data Management Plan before the start of the project along with the safeguards that will be in place to mitigate any risks.
These should be documented in the following sections/questions of the BU Data Management Plan (DMP) template:
Ethical and legal compliance
Storage, back-up, and security
In addition to special category personal data, BU's Information asset classification page lists the types of information considered high-risk. It includes things like:
This isn't an exhaustive list. It is anything whereby inappropriate disclosure could:
High-risk data should be documented in the Data Management Plan before the start of the project along with the safeguards that will be in place to mitigate any risks.