What Is Data Classification

Data classification means organizing your data based on how private or risky it is which helps you decide what kind of protection each type of data needs. Not all data needs the same level of security as some can be shared freely, while others must be protected at all costs.

The 3 Types of Data

Public Data

Information that is safe to share with anyone.

Examples:

• Published posts
• Public social media bios
• Event flyers
• Organizational mission statements

Threat Level: Low

Protection Needed: None or minimal.

Personal Data

Information that relates to you as a person, but may not be immediately dangerous if leaked. However, it can still be used to track, target, or profile you.

Examples:

• Email addresses and usernames
• Personal photos (not compromising)
• Education or work history
• Contact lists

Threat Level: High

Risks: Identity theft, surveillance, phishing, profiling

Protection Tips:

• Share only with people who know you personally
• Tweak privacy settings on social media
• Avoid using your personal email across many services
• Remove metadata from photos when possible (ExifCleaner).

Sensitive Data

Information that, if exposed, could cause harm emotionally, legally, financially, or physically.

Examples:

• Passwords and PINs
• IDs, bank or legal documents
• Private messages and images
• Health or financial details

Threat Level: High

Risks: Doxxing, blackmail, fraud, harassment, legal issues

Protection Tips:

• Use encrypted messaging apps and secure storage (e.g. Cryptomator, Proton Drive, Signal)
• Avoid storing this kind of data on cloud services without encryption (Personal Google Drive)
• Share only over trusted, secure channels
• Delete it when it’s no longer needed
• Use strong passwords and password managers to protect it (e.g. BitWarden)

Common Data Threats

• Phishing & Social Engineering: Tricking you into revealing data
• Malware or Device Theft: Compromised or stolen devices
• Cloud Misuse: Uploading sensitive files to insecure platforms
• Human Error: Sending info to the wrong person, oversharing online
• Poor Passwords: Easy-to-guess passwords exposing your accounts

How to Classify Your Own Data

Ask yourself 3 questions:

• Could this harm me or others if leaked?
• Could this expose my real identity to the public?
• Does it contain sensitive information (whether personal or not)?

If the answer was yes to any of the questions → It’s sensitive and/or personal

If not → It’s public

If Your Data Gets Exposed

• Change passwords immediately in case of a compromise
• Let affected people know
• Take down exposed content if possible (Reporting it to the relevant platform)
• Report to authorities and/or CSOs like 7amleh if needed
• Consider wiping or restoring affected devices

Further Reading

• https://tacticaltech.org/resources/data-detox-kit-virtual-valuables/
• https://tacticaltech.org/resources/glass-room-hands-on-data/
• https://gendersec.tacticaltech.org/wiki/index.php/Complete_manual
• https://tacticaltech.org/projects/data-detox-kit/
• https://dsc.7amleh.org/
• https://7or.7amleh.org/