█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Data Leakage Prevention/Data Classification
35 minBeginner

Data Classification

After this lesson, you will be able to: Classify data into tiers and understand why classification drives every other control.

You can't protect what you haven't categorized. Data classification assigns sensitivity tiers, public, internal, confidential, restricted, and each tier triggers specific controls (encryption, access, retention).

Prerequisites:What is Data Leakage?

The four standard tiers

Public, anyone can see (marketing pages, press releases). Internal, employees only (org charts, internal wikis). Confidential, restricted to specific roles (HR, financial reports). Restricted, strictly need-to-know (PII, source code, M&A docs, encryption keys).

💡 Classification drives controls

Encryption, access policies, DLP rules, retention periods, all derive from the tier. Misclassify, and either you over-protect (slow business) or under-protect (leak).

How organizations actually classify

  1. 1

    1. Define tiers in policy (CEO/CISO sign-off).

  2. 2

    2. Create labels (Microsoft Purview, Google Drive labels).

  3. 3

    3. Train employees: every new doc gets a label.

  4. 4

    4. Use auto-classification (regex/ML) for legacy data.

  5. 5

    5. Audit, sample documents, check labels match content.

PII, PHI, PCI

PII (Personally Identifiable Information): names, SSNs, emails. PHI (Protected Health Information): governed by HIPAA. PCI (Payment Card Information): governed by PCI-DSS. Each triggers its own legal requirements.

Quick Check

Where would a customer's home address fit?

Choose: Public, Internal, Confidential, Restricted.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←What is Data Leakage?
Back to Data Leakage Prevention
Encryption Fundamentals→