Data classification is the process of categorizing data according to its type, sensitivity, and value to the organization if altered, stolen, or destroyed [1]. Data classification helps an organization understand the risk level of its data and implement appropriate controls to protect it. Data can be classified into three risk levels: low, moderate, and high [2][3]. Low risk data are data that are intended for public disclosure or have no adverse impact on the organization’s mission, safety, finances, or reputation if compromised [2][3]. Sanitized customer data used for aggregated profiling are an example of low risk data, as they do not contain any personally identifiable or sensitive information that could be exploited for criminal or other wrongful purposes. Sanitized data are data that have been modified to remove or obscure any confidential or identifying information, such as names, addresses, phone numbers, etc. Aggregated data are data that have been combined or summarized from multiple sources to provide statistical or analytical insights, such as trends, patterns, averages, etc. Sanitized and aggregated data are often used for research, marketing, or business intelligence purposes, and do not pose a significant threat to the organization or the customers if exposed.

References:
1: What is Data Classification? | Best Practices & Data Types | Imperva
2: Data Classification Guideline (1604 GD.01) - Yale University
3: Risk Classifications | University IT
4: Data Classification Policy - Shared Assessments
5: What is Data Sanitization? | Definition and Examples | Imperva
6: What is Data Aggregation? | Definition and Examples | Imperva