Data comes in all types. Part of a good Data Governance Policy is data classification. Do you use one? It doesn’t have to be too onerous. It can be as simple as identifying information into just a few classifications. You may need to start simple and adjust as you move forward.
Internal, external, confidential – that may be all you need. Of course, that’s a very simplified version. Most organizations are going to want to have more classifications. But, that really depends on the risk factors involved, the level of complexity you want and how your corporate culture reacts. The most important thing is that you start somewhere. If you want to limit your risks, avoid excessive exposure then a simple data classification strategy is a good step within your Data Governance Policy.
Knowing what you have, what it is, how it is being used, who is using it and whether it is active or stale data are all components of a Data Governance Policy. Be sure that you are able to answer any one of these questions quickly and thoroughly. Any gaps in data and your knowledge of the data are areas for risk.
So, do you classify?