Saturday, January 7, 2017

Know about Data Classification

Data Classification

Data classification is the process of analyzing structured or unstructured data and organizing it into categories based on file type, contents, and other metadata, so that the data can be used and protected more efficiently. Data classification includes tagging data to make it easily searchable and trackable. It also helps remove duplicate copies of data, which can decrease storage and backup costs.

Data classification can be based on content, on context, or on a selection made by the user.

Highly Confidential Data

Sensitive information restricted on a need-to-know basis to certain individuals or groups, typically approved by the organization, where unauthorized disclosure may cause severe financial or reputational damage.

Examples: 

  • Firm legal documents
  • Employee records
  • Financial data
  • Account number / credit card number / debit card number
  • Non-public client board member information
  • Some client data
  • Personal data (PII) such as ID numbers
  • Special Categories of personal data (Sensitive Personal Data) such as political opinions, religious beliefs, genetic data, health data

Confidential Data

Information subject to a need-to-know basis for certain individuals or groups where unauthorized access may cause significant damage that may result in financial penalties.

Examples: 

  • Client data
  • Non-public or proprietary information such as marketing and business development plans
  • Work products and deliverables
  • Personal data (PII) such as ID numbers

Internal Data

Proprietary information intended for internal use or authorized external use, where unauthorized external disclosure may cause embarrassment or minor damage to the organization.

Examples: 

  • Training materials
  • Organizational charts
  • Third Party content

Public Data

Information intended for public use where public use and disclosure would not negatively impact the Organization. 

Examples: 

  • External marketing materials
  • Public website / blog content
  • Employee directory
  • Whitepapers / publications
  • Company holiday calendar
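
The content, context and user-selection approaches mentioned earlier can be combined in one tagging routine that outputs the four levels above. The code below is an added example, not part of the original post; the path keywords, the default of Internal for unmatched data, and the rule that a user may raise but never lower a label are assumptions made for illustration.

```python
import re
from enum import IntEnum

class Level(IntEnum):  # the post's four levels, least to most restrictive
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    HIGHLY_CONFIDENTIAL = 3

# Content rule: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Context rules (assumed keywords): first match on a path component wins.
CONTEXT_RULES = [
    (("legal", "hr", "payroll"), Level.HIGHLY_CONFIDENTIAL),
    (("client", "deliverable"), Level.CONFIDENTIAL),
    (("training", "orgchart"), Level.INTERNAL),
    (("public", "marketing", "blog"), Level.PUBLIC),
]

def luhn_valid(number):
    """Luhn checksum, so arbitrary digit runs are not tagged as card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(path, text, user_label=None):
    """Combine context (path), content (text) and the user's own selection.

    Returns (level, reasons); the most restrictive signal wins.
    """
    parts = set(re.split(r"[/\\._ -]+", path.lower()))
    level, reasons = Level.INTERNAL, ["default: INTERNAL (assumed)"]
    for keywords, rule_level in CONTEXT_RULES:
        if parts & set(keywords):
            level, reasons = rule_level, [f"context: {rule_level.name}"]
            break
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(text)):
        level = max(level, Level.HIGHLY_CONFIDENTIAL)
        reasons.append("content: card number")
    if user_label is not None and user_label > level:
        level = user_label
        reasons.append(f"user: raised to {user_label.name}")
    return level, reasons
```

A file in a public marketing folder that contains a valid card number is still tagged Highly Confidential, because content outranks the location it was found in.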

All organizations shall have a Data Classification policy. The policy defines who is responsible for classifying data for different programs or organizational units. It further addresses the following points:

  • Which person owns the data or information?
  • Who is responsible for the integrity and accuracy of the data?
  • Where is the data stored?
  • How is data backup taken?
  • What is the retention policy?
  • What is the data destruction policy?
  • Is all of this being documented?

This is just basic information on data classification, or information classification.

-DR
