Simplistically, data and information are related but not the same. Just for the sake of this discussion, lets define data as bits, bytes, and types of files; whereas, information is the value to the organization in terms of usage (i.e. customer records, financial records, intellectual property, personal identifiable information (pii), executive communication, etc.). As the need for storage of data and information continues to escalate, organizations must look to classify information. Many industry experts might even say it is a critical step to survival, if not simply transformation. Multiple strategic components of an overall IT strategy depend upon Information Classification such as cyber security, data loss prevention, and so on. Thus, Information does have a lifecycle.
Certain vendors have coined and defined the phrase information lifecycle management (ILM). Unfortunately, this was a perversion of the truth behind the marketing. They used a valid element within the construct of IT Strategy to sell more storage, diversifying revenues across their portfolio. It is not as simple as placing data across multiple storage platforms or tiers. The process, if done correctly, is not trivial. The actual determination of classes is only the beginning. Applying it to an existing environment can be daunting. However, the transformation of an organization depends upon successful completion.
Information Policy has direct linkages to data management, architecture, engineering, and operations in so much as information has linkages to storage, data protection, organization, and security. A risk assessment must establish the business value, revenue relationship, confidentiality, and security elements to understand the impacts on compliance, availability, operations, and finance. We can no longer simply relate to whether information is transactional, reference, service, analytical, or operational. We must consider the greater impacts and bigger picture. It is very similar to Business Continuity Planning (BCP) as a cascading effect on an organization.
Ironically, understanding the bits and bytes only goes so far. How they (bits and bytes) relate to the overall management of the business is crucial. This is where many organizations fall short. They look to one department or another to “make the call”. Unfortunately, this leads to decisions without all of the facts, for instance legal deciding to keep everything just in case for discovery. While this might be a perfectly good decision, often it is made without the construct of information classification and an understanding of the impacts (i.e. escalating infrastructure costs to house all of the information indefinitely).
The level of depth taken only enhances the ability of an organization to be agile, cost effective, efficient, simplified, and rigorous. So, you can take things to a much more granular level. The level of acceptance within your organization will dictate at what level of granularity you can go today. Nonetheless, Information Classification is a must, especially as organizations search for greater differentiation from their competitors. Breaches, hacks, and disaster are only a few of the vulnerabilities ignored. This ignorance will no longer be tolerated as governance regulations continue to make it the fudiciary responsibility of the board of directors and executives within an organization to address risk.