Data Classification – Who needs it?!

As an information security practitioner, there are times when you look at the security landscape for your organization and think, wow, there are definitely areas we can improve on.  Many of these areas, like Data Classification, are not necessarily easy to tackle and execution may even seem impossible!

What types of data need to be protected?

One segment of data has a clearly defined need for protection: customer data.  Putting forth only the minimum effort required for compliance is a shortsighted view of a larger data classification need, because so many other groups of data fit into a grey area.  In this grey area live large quantities of private information, seemingly without end, such as:

  • Employee information that human resources maintains (salary, healthcare info, address, etc.)
  • Information relating to mergers and acquisitions
  • Schedules
  • Access codes
  • Combinations to vaults
  • Minimum cash limits

How do we classify the sensitivity of this data?

It certainly doesn’t fall into the larger category of customer information, but it needs to be protected from exposure.  What’s more, this gap in classification will start to expose itself when looking at initiatives such as DLP, rights management, DR, incident response, optimization, technology spend justification and now, cyber-insurance requirements.

Take the time to look at how you are classifying data, what types of data labels you are using, and how data classification feeds into larger initiatives.  You may be surprised at how many areas this touches and how it can be leveraged to support the initiatives listed above.

If you need help understanding how Data Classification can help you, or if you need help building out a more comprehensive Data Classification scheme, please contact us at



November 7th, 2016 | Security Solutions

About the Author:

As the Information Security Architect at Peters & Associates, Thomas Johnson (TJ) is responsible for providing security and compliance leadership. This includes such areas as vendor management, disaster recovery, business continuity, data protection, security products, budgeting and risk management. He has over 25 years of experience in security and technology and has extensive compliance-related expertise in banking and healthcare. TJ holds many security-related certifications as well as a Master’s Degree in Information Technology Management with a specialization in Information Security from the Illinois Institute of Technology. TJ focuses on Security Leadership, Risk Management, Information Security Assessments, Compliance Management and DR / BCP.