11 most common mistakes that derail data classification projects
In the digital era, users generate more information globally than ever before. Among those petabytes, every organization holds some data types that need safeguarding, whether personnel information, a customer database, a price list, intellectual property, or something else.
Strategically minded organizations increasingly use data classification (also known as protective markings, sensitivity labels, and security classification marking) solutions to improve how their teams and systems identify, track, store, retrieve, share, and control sensitive information. Cost-effective and straightforward to deploy, use, and maintain, data classification solutions are proven to reduce the risk of information loss or mismanagement and meet compliance requirements.
Our team has over 15 years of experience working with data classification solutions globally. This article shares 11 of the most common mistakes we see that derail data classification programs.
1. Too many/few classifications
Data classifications must reflect the sensitivity of an information file type and the likely consequences for your organization, should it fall into the wrong hands. The markings must make sense to all employees, including new hires and temporary staff, to help ensure accurate, consistent usage.
Define too many classification categories and users will get overwhelmed with choice, need help with application, or make mistakes. Defining too few makes life easier for users but risks your system under-protecting or over-protecting information.
To keep data classification processes specific, simple, and effective, we encourage every organization to understand its use cases and design practical classification schemas that fit those needs. Start with a standard framework of three to four classifications and tailor from there as needed.