Privacy & data handling (restricted category). State: Review pending. Owner: Marcus Sterling.
# Data Handling Policy ## 1. Purpose Establishes how Northstar Logistics classifies, stores, transmits, and retains information assets including customer shipment data, employee PII, financial records, and operational telemetry. ## 2. Classification Data is classified as: Restricted (customer PII, payment data, employee SSN/government IDs), Confidential (internal financials, vendor contracts, route optimization data), Internal (operational dashboards, team communications), Public (marketing collateral, press releases). ## 3. Storage requirements Restricted data must be encrypted at rest using AES-256 or equivalent. Confidential data must be stored in approved systems (no local-only copies). Access is governed by least-privilege RBAC reviewed quarterly. ## 4. Reviewer chain (RESTRICTED CATEGORY) This policy is in the **restricted** category. Publication requires approvals from both **Legal** and **Information Security** reviewers before executive approval. Attempts to publish with only one reviewer will be blocked.
| Order | Reviewer type | Reviewer | State | Decision | Comment |
|---|---|---|---|---|---|
| 1 | Subject-matter expert | - | Approved | - | - |
| 2 | Legal | - | Awaiting | - | - |
| 3 | Security | - | Awaiting | - | - |
| Version | State | Author | Published | Substantive | Retired |
|---|---|---|---|---|---|
| v2 | Review pending | Marcus Sterling | — | Cosmetic | — |
| v1 | Retired | Marcus Sterling | Mar 17, 2026 | Cosmetic | Mar 17, 2026 |
| Employee | State | Assigned | Due | Attested at | IP |
|---|---|---|---|---|---|
| No attestations recorded for this policy yet. The attestation roster opens once the policy publishes. | |||||