3.
AGENDA
Understanding Data Classification
The Need for Data Classification in Our Organization
Overview of the Data Classification Policy
Understanding the Different Levels of Data Classification
Importance of Everyone’s Participation
4. TECHNOLOGY INNOVATION... SIMPLIFIED 4
Understanding Data Classification
Data classification is the process of organizing data into
categories based on its level of sensitivity and
importance, which makes it easy to retrieve, sort and
store for future use.
Importance of data classification
A well-planned data classification system makes
essential data easy to find and retrieve. This can be
particularly important for risk management, legal
discovery, and compliance.
5.
The Need for Data Classification in Our Organization
Our organization deals with multiple types of data. It’s important to classify our data to protect sensitive information,
meet legal and regulatory obligations, and manage data more effectively.
Benefits of Data Classification:
• Well-Rounded Data Security: Data classification helps maintain the confidentiality, integrity, and availability of
data. It allows for tailored data protection and management of sensitive information, such as Personally Identifiable
Information (PII) or Protected Health Information (PHI), based on its importance to the business.
• Regulatory Compliance: It helps businesses follow regulatory mandates such as HIPAA and GDPR.
• Cost Reduction: It can help reduce storage costs by applying tiered backup plans per classification type.
• Improved User Productivity: By eliminating unnecessary data, it can boost user productivity.
• Facilitates Decision Making: It helps businesses prioritize data protection efforts, improving security and
regulatory compliance.
6.
The Need for Data Classification in Our Organization
Challenges of using Data Classification:
• Complexity: The process of classifying data can be complex and time-consuming, especially for large
organizations with vast amounts of data.
• Maintaining Accuracy: Ensuring the accuracy of data classification can be challenging, particularly as data evolves
and new data is created.
• User Compliance: Getting users to comply with data classification policies can be difficult.
• Cost of Implementation: Implementing a data classification system can be costly, particularly for small and
medium-sized businesses.
Despite these challenges, the benefits of data classification often outweigh the difficulties, making it a crucial
component of an organization’s data management strategy.
7.
Overview of the Data Classification Policy
Our Data Classification Policy provides a framework for classifying data based on its sensitivity, value, and criticality
to Marks & Spencer Reliance (MSR), so that sensitive corporate and customer data can be secured appropriately.
Key components of the policy:
• Principle 1 - Open by Default
• Principle 2 - Necessity and Proportionality
• Principle 3 - Timely Classification
• Principle 4 - Highest Level of Protection
• Principle 5 - Segregation of Duties
• Principle 6 - Need to Know
• Principle 7 - Least Privilege
These principles form the backbone of the data classification policy and guide how data is handled within the
organization. It’s important that all employees understand and adhere to these principles to ensure the effective
management and protection of the organization’s data.
8.
Understanding the Different Levels of Data Classification
High sensitivity data (Strictly Confidential)
If compromised or destroyed in an unauthorized transaction, would have a catastrophic impact on the
organization or individuals. For example: merger and acquisition plans, business plans, trade secrets,
customer data, information security data, dealer pricing strategy, strategy documents.
Medium sensitivity data (Confidential)
Intended for internal use only, but if compromised or destroyed, would not have a catastrophic impact on
the organization or individuals. For example: employee performance evaluations, CTC details, internal audit
reports, short-term marketing plans, M&S details, etc.
Low sensitivity data (Internal)
Intended for public use. For example: telephone directory, training materials, and manuals.
Non-sensitive data (Public)
Intended for public use. For example: service brochures, advertisements, job opening announcements, and
published press releases.
9.
Importance of Everyone’s Participation
• Data classification is a team effort. Everyone in the organization has a role to play in ensuring
that our data is properly classified and protected.
• Your participation is crucial to the success of our Data Classification Policy.