data classification

Data classification is the process of organizing data into categories for its most effective and efficient use. 

A well-planned data classification system makes essential data easy to find and retrieve. This can be of particular importance for risk management, legal discovery, and compliance. Written procedures and guidelines for data classification should define what categories and criteria the organization will use to classify data and specify the roles and responsibilities of employees within the organization regarding data stewardship. Once a data-classification scheme has been created, security standards that specify appropriate handling practices for each category and storage standards that define the data's lifecyle requirements should be addressed.

To be effective, a classification scheme should be simple enough that all employees can execute it properly. Here is an example of what a data classification scheme might look like:

Category 4:  Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk. 

Example: Employee social security numbers, customer credit card numbers

Category 3: Sensitive internal data that if disclosed could negatively affect operations. 

Example: Contracts with third-party suppliers, employee reviews

Category 2:  Internal data that is not meant for public disclosure.

Example: Sales contest rules, organizational charts 

Category 1:  Data that may be freely disclosed with the public.

Example:  Contact information, price lists

This was last updated in May 2007

Continue Reading About data classification

Dig Deeper on Database management system (DBMS) architecture, design and strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats