What is Data Classification?
The process of categorizing data by sensitivity level to determine appropriate protection measures and access controls.
Data classification ensures that sensitive information receives proportionate protection.
Common Classification Levels
- Public: Information that can be freely shared
- Internal: Not public, but not highly sensitive
- Confidential: Sensitive business or personal information
- Restricted: Highest sensitivity — regulated data, trade secrets
Why It Matters for Privacy
- Helps identify what data needs encryption
- Determines who should have access
- Guides data retention decisions
- Required for compliance with GDPR, HIPAA, PCI-DSS
Personal Data Classification
Apply the same principle to your own data:
- What would cause serious harm if leaked? (bank credentials, medical records)
- What would be embarrassing? (personal messages, browsing history)
- What's low-risk? (public social media posts)
- Protect each category proportionally
Related Terms
Data Minimization
A privacy principle that organizations should collect only the minimum amount of personal data necessary for a specific purpose, and retain it only as long as needed. This reduces privacy risks by limiting exposure in case of breaches or misuse.
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.
PII (Personally Identifiable Information)
Any data that can be used to identify a specific individual, including name, address, phone number, email, Social Security number, and biometric data.
Have more questions?
Use our guided flow to get the right next privacy step for Data Classification.
Open Guided Flow