Data classification is the process of segmenting data into tiers with different levels of protection to ensure privacy is maintained. Tier 1 contains sensitive data, such as protected health information, educational records, cardholder data, and other similar data. Tier 2 contains company confidential data, such as financial records, employee phone numbers and home addresses, personnel and tax records, and other confidential data. Tier 3 contains public data, such as what’s available on your website or is readily searchable: press releases, news stories, and marketing materials.
Protecting highly sensitive data can be expensive. And yet the costs of not giving it the proper level of protection can be even higher. By classifying your data, you can give the most sensitive data the highest levels of protection. Otherwise, Tier 1 data leaks could potentially help a malicious agent identify, impersonate, or defraud an individual, and Tier 2 data leaks could expose your organization to reputational or financial loss. And even though Tier 3 data is publicly available, it still needs to be protected from unauthorized changes or spoofing.
SPIO lists the protection requirements for each tier of data, making it extremely clear what tasks need to be performed to ensure compliance, protection, and privacy, such as the requirement that all Tier 1 and Tier 2 data be encrypted both in transit and at rest.