The final instalment of our three part blog series: The Top 10 Tips on Implementing a Successful Data Classification Project, this post presents tips seven to ten.
Allow for Partnering
Any form of partnership requires organisations to share data in a controlled manner, so a classification solution should be adept at interpreting and interoperating with the classification schemes of other organisations. This way, your users won’t be faced with the challenge of having to understand the handling and safeguarding requirements of each partner’s data.
Consider a Phased Implementation
It’s worth analysing user behaviour before deciding which aspects of your policy you need to enforce. Your data classification solution should offer options for enforcement that either warn the user of an issue, but allow them to continue what they were doing (ensuring that the action and reason for the user continuing is logged) or alert them to the issue and prevent them from continuing until the issue is resolved. Some larger organisations also stagger their implementations by rolling out to a reduced number of departments or super-users initially, incorporating feedback into the policy and approach, and then rolling out to the remainder of the organisation.
Plan for Change
In any labelling scheme, there will be a natural lifecycle for some label values. To minimise impact on your users, your classification solution should cope with retiring or replacing label values. One external factor which you should be able to plan for is changes in legislation concerning data security. You’ll need to plan for transitions and make decisions on what to do with any data classified under old schemes.
Close the Loop
Allow for a regular review and analysis of the information being classified (or not classified in some cases) so that you can then communicate the results to the business owners responsible for safeguarding confidential information and, where appropriate, to the individual users concerned.
With revised European Data Protection laws, many organisations are looking to data classification both to support compliance, but also for its many other security benefits. Whatever your motivation, the implementation of a data classification policy goes beyond technology and your overall approach is the key to success.