Did you know data classification is a critical component of a comprehensive data governance program? Gartner defines data classification as, "the process of organizing information assets with an agreed-on categorization glossary, enabling effective and efficient prioritization for information governance policy spanning quality, security, access, privacy, storage and retention," (Improving Data Security Governance Using Classification Tools, March 21, 2018). Focusing on “what” data exist and “where” they are is critical to responding to a changing compliance and security landscape. In addition to the classifications such as “public,” “restricted,” and “highly restricted,” data classification should include information about where the data resides and what controls are in place to protect it. Different tools and strategies exist to assist with classification (e.g. metadata), but starting simply within a data governance group to prioritize the classification high-risk data can be undertaken without the perfect toolset.