Critical data is data that organizations deem essential for success, or data that must be retained for regulatory purposes.
Typical examples of critical data include:
- Customer data, especially personal information that is covered by data-protection laws
- Employee data
- Data concerning vendors and business partners
- Operational data
- Financial data required for auditing purposes
- Any data that can be used for analytics purposes
Every organization must decide which data they consider to be critical. This isn’t exclusively an IT decision – every department needs to be involved in identifying critical data.
How Do Organizations Define Critical Data?
In large organizations, there may not always be an agreement between departments on what constitutes critical data. Some data may only be critical from the perspective of a single team, or even in relation to a single goal
To help focus on the most important information, many organizations use a weighting system to define the criticality of data. This system considers details such as:
- Purpose of the data
- Potential consequences if the data is lost or deleted
- The number of internal stakeholders reliant on the data
- Regulatory requirements for storing the data
- The usefulness of the data for future projects
In practice, this means that there are different levels of criticality that can be applied from data, ranging from most critical to that which is only critical in a specific context.
The most important factors are generally those related to compliance and customer success. If an organization loses data of this nature, it could have an immediate impact on their ability to operate.
Why Define Critical Data?
Most organizations deal with vast quantities of data coming from diverse sources. Quick decisions have to be made about that data, including decisions about what to archive and delete.
Without proper governance, it’s hard to identify the most important data. This can have consequences such as:
- Disruption to customer service
- Compliance failures
- Unreliable analytics results
- Errors in systems dependent on critical data
- Extraneous data being stored longer than required
The organization can also take extra care to safeguard their most critical data, like using strong encryption, limiting user access, or making additional backups.
How is Critical Data Defined?
Critical data is a governance tool, so it can be defined in whatever way the organization requires. Typically, the definition will need to cover things like:
-
What: Name and location of the data element, plus details of the data type
-
Who: Stakeholders for whom the data is critical
-
Why: The purpose the data serves, i.e., compliance, analytics, customer success
-
Where: Source of the data
-
When: The date on which the status of the data was last reviewed
Critical data definitions can change over time. New sources might be critical, while old critical data might no longer be relevant. Ideally, each organization will have a regular review process to keep their critical data definitions up-to-date.