Data Classification: Balancing Threat and Efficacy in Data Management


August 29, 2023

Daffodil Santillan

In the complex world of data management, understanding data classification is critical, as highlighted by the Asian Development Bank and Amazon Web Services Institute. This process plays a pivotal role in data sharing and security, effectively balancing the need to protect sensitive data against potential threats. 

Without proper classification, there is a risk of mishandling sensitive data, leading to breaches or unauthorized access. To mitigate this, data classification serves as the frontline defense, categorizing data into different tiers based on their security requirements.

In the Philippines, there are three tiers of data classification, each representing a different level of threat and requiring unique protective actions: 

1. Tier 1: Non-sensitive Data – This tier houses public information with a relatively low perceived threat. Data in this category can be stored on any accredited public cloud, either domestically or internationally.

2. Tier 2: Sensitive Data – The perceived threat increases in this tier, as it contains sensitive data like financial and medical records. The protective action required involves storing the data securely on an accredited public cloud or a secure government cloud, with additional encryption for enhanced protection.

3. Tier 3: Highly Sensitive or Above-Sensitive Data – This tier represents the highest threat level, containing classified information such as vital military and diplomatic data. The protective action mandates robust measures, requiring storage on private clouds in on-site facilities or data centers within the country.

While managing threats, it is crucial not to over-classify, as this could lead to data localization and potential hindrance to foreign investment. Thus, finding a balance between threat and efficacy is essential.

In the era of stringent privacy laws like the EU’s GDPR and California’s Consumer Protection Act, efficient data classification becomes a requisite action. It helps organizations fulfil legal obligations regarding personal data access, erasure, or amendments.

The Philippines offers a commendable example of a threat and efficacy-balanced data classification system. The existing model is simple yet effective, maintaining minimal tiers with specific guidelines for each. A well-balanced and robust data classification strategy can enhance data security, promote operational efficiency, and ensure compliance with international regulations.


Asian Development Bank & Amazon Web Services Institute. (2022). Data Management Policies and Practices in Government. Asian Development Bank.

Share This