3 Data classification

 

This chapter covers

  • Data classification: what it means for your customers
  • Why data classification is necessary
  • How you can implement data classification
  • How data classification can help satisfy your compliance challenges
  • How data classification can work cross-functionally
  • An end-to-end data classification process

In the first two chapters, I introduced the basics of privacy and what it means for your business. We then built a mental model that connects privacy to trust and safety, so that rather than an altruistic abstraction, privacy becomes a critical business goal.

Subsequently, we identified data as the building construct for privacy because of

  • Its power to identify individuals
  • Its abundance, thanks to ubiquitous internet connectivity, universally accepted IDs like Google, Facebook, and other device IDs
  • Its ability to shape and influence behavior by way of machine learning and artificial intelligence
  • Its potential to create often irreversible harms if used inappropriately or exfiltrated

Since protecting user privacy is critical for your company to maintain trust with users and maintain credibility with regulators, media, and privacy activists, it follows logically that your privacy-related efforts need to focus on data. To protect data from being used incorrectly in a way that hurts privacy, engineers need a holistic strategy on how best to understand data. The first part of that strategy is data classification.

3.1 Data classification and customer context

3.2 Why data classification is necessary

3.2.1 Data classification as part of data governance

3.2.2 Data classification: How it helps align priorities

3.2.3 Industry benchmarking around data classification

3.2.4 Unstructured data and governance

3.2.5 Data classification as part of your maturity journey