Changes to data sensitivity during the data life cycle present the greatest risk for a global organization when implementing a data classification policy, as they may result in data being under-protected or over-protected, leading to potential data breaches, compliance violations, or inefficiencies. Data sensitivity refers to the level of confidentiality, integrity, and availability that the data requires, and it may changedepending on the data’s creation, storage, processing,transmission, or disposal. A data classification policy should consider the changes to data sensitivity during the data life cycle and ensure that the appropriate controls and procedures are applied at each stage. Data encryption not applied to all sensitive data, many data assets that need to be classified, and changes to information handling procedures not documented are not the greatest risks, as they do not affect the data classification policy itself, but rather the implementation or execution of the policy. References = CRISC Certified in Risk and Information Systems Control – Question211; ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 211.