A recent report entitled “Information Strategy 2017”, published by the Information Coalition finds that information security remains a top priority for over 90 percent of organizations. Given that the number of data breach activity continues to rise, these finds are not very surprising.

What is surprising, however, is many organizations continue to increase their spend on security-related software without putting in the additional work of better information architecture. This can prove extremely problematic down the road. When we are unaware of where our riskiest information resides, we aren’t able to effectively secure it. So, while it’s wonderful to see organizations prioritize information security initiatives, taking the appropriate steps in organizing and classifying data should be a close second.

A data classification endeavor doesn’t have to be complicated. So, it’s best to keep it simple. Quocirca’s Clive Longbottom, a technology industry analyst, suggests the following key steps in conducting a successful data classification project.

  • Understand the business – including any legal, regulatory requirements
  • Identify all business units where classification might be relevant
  • Create a matrix of all information assets and the rules that apply to each
  • Define primary, secondary, tertiary storage needs for each asset
  • Define the rules and different classification names that apply to each asset
  • Select a technology that will enable the rules and policy to be applied consistently throughout the entire organization

We look forward to monitoring how organizations are using data classification to ensure the ongoing effectiveness of information security efforts.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Merrifield Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes…

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment for the industry has enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers – offering valuable perspectives to listeners about legal technology and managing information as an asset.