Classification: All data is not created equal

31,684 - That's the number of unread emails on my friend’s phone. 31,684 UNREAD emails to be precise. Having a long working history in Information Management, my anxiety hit new levels when I saw the envelope icon with such a huge number starring back at me. I immediately forgot why he'd even handed me his phone. I was quickly reassured that the unread email was considered junk, but where does this level of comfort around the value of this data come from?

Most free email providers now offer some level of classification. Gmail offers smart labels to help users automatically categorize data. Smart Labels are configurable but at a basic level are enabled to automatically send emails that are received, such as newsletters, to a bulk label. Even in its most basic form, classification works to create comfort around the value of data. For most users, the majority of emails labeled as bulk will never be reviewed. Without publicizing it, Google has rolled out classification to all of its users and the categorization it provides is interpreted as inherently valuable.

In 2014, Gartner published a guide on how to ‘Implement Information Classification to Enhance Data Governance and Protection.’ That means that although over three years ago classification was identified as a powerful tool in regulatory compliance by the analysts, it’s adoption has been slow. The manual process of classification, particularly at scale, has made it an overwhelming organizational challenge. However, with new technologies, such as Veritas Information Classifier embedded within Enterprise Vault and Data Insight, classification policy configuration and enforcement has been simplified.

Regulatory changes are furthermore driving adoption. GDPR requirements are reinforcing the value of being able to use classification for the purposes of identification, retention, search, and defensible deletion. With classification as part of a GDPR strategy it becomes easier to:

  • Identify data with clear business value that should be kept, AND
  • Identify data that should be deleted, AND
  • Enforce retention (and ultimately data expiration), AND
  • Identify PII as part of a Subject Access Request (SAR) or request to be forgotten

All data is not created equal and therefore it should not be treated as such. Classification as a concept not only enforces this premise but in practice is a solid foundation for regulatory compliance.

With GDPR compliance being enforced in under a year, contact Veritas to assess your GDPR readiness

 

Vision Streaming