What is Sensitive Data Classification? Sensitive data can be a number of things. The easiest way to think about it is to think of personal data you would not want to be shared with just anyone. There are several common pieces of sensitive data: Financial information – credit card numbers, bank account information, and social security numbers. Government information – any document that is classified as secret or top-secret, restricted,…
The easy answer to when you should classify new data is as soon as it is created. However, as data moves through each stage of the lifecycle, it is important to evaluate and update its classification, as necessary. As the data classification process is likely new to your organization, there will be data in each of these stages and it is important to classify data regardless of which stage of the data…
(by Todd Feinman, Spirion Co-Founder and Chief Strategy Officer) Data Discovery and Classification The holiday season is typically when data breaches often occur. We’ve seen significant news stories about breaches at Starwood Hotels and Quora. Around the holidays in 2017, it was announced that there was a significant privacy leak at eBay affecting many customers. And, it was just before the holidays in 2013 that Target announced the infamous breach…
Locating and Managing EU Personal Data for GDPR Compliance Spirion recently hosted a live webcast discussion on the topic of “Locating and Managing EU Personal Data for GDPR,” featuring a panel of security experts, comprised of: Colin Anderson, global CISO of Levi Strauss & Co.; Todd Feinman, founder and CEO of Spirion; Scott Giordano, privacy attorney and director at Robert Half Legal; and, Justin Suissa, principal at infoedge. In this…
(by Todd Feinman, CEO and Founder of Spirion) My team thought others would be interested in a memo that I sent to some friends and colleagues. The memo follows: I have received an overwhelming number of requests for information about what to do since the Equifax leak of 143 million SSNs was disclosed. I’ve tried to summarize those questions to help you protect yourself, your family, and your business. If…
(by Todd Feinman, CEO and Founder Spirion) Equifax allowed 143 million Social Security Numbers (SSN), Names, Date of Birth (DOB), and other personally identifiable information (PII) to be stolen. This affects most of us personally because we all have financial accounts (e.g., credit card, bank account, mortgage, car lease) and it’s highly likely Equifax was the recipient of your SSN from a bank who ran a credit report on you…
(by Cory Retherford, Spirion user) Greetings! I am a Solution Engineer for Spirion, LLC. My adventure using the data security software began in 2007 as the Indiana University Technology Services Manager for Student Enrollment Services. We had an organizational mission to provide a solution that would allow a better understanding of our data footprint and the types of data existing on our workstations, servers, and websites. As it happens, fate guided me to the…
Data classification is a core component of defining and understanding data that security and risk professionals must protect, as well as identifying the way employees should handle it and the types of security controls that are necessary. Data classification tools, which include manual (user-driven) and automated classification, help organizations apply metadata tags to sensitive data. In the last year, more than half of global security decision makers have implemented data…
Over the next 2 months, we’ll be posting a series of blogs that will share information and best practices garnered from over a decade of experience implementing data discovery and more recent data classification solutions. In this blog series you will learn how to identify data as sensitive, how to define a classification schema and separate your data, the risks of not classifying data balanced with the benefits of a…
Following Spirion’s presentation at RSA 2017, “The Impact of Data Discovery and Data Classification in Information Security” Dr. Larry Ponemon of the Ponemon Institute discusses some of the key findings from “The Importance of DLP in Cybersecurity Defense” Ponemon report. The report, which was published in February of 2017, found significant differences between responses of those that are using a manual approach to mitigate or curtail the leakage of sensitive…