G.I. Joe taught us that knowing is half the battle. When it comes to data, it seems that more than a third of companies are losing that half. According to a recent survey by consulting firm Protiviti, 37% of companies have no system for properly classifying their data. They simply don’t know what their data is. So if they suffer a data breach, they may not know whether the exposed information is sensitive, confidential or public. This presents a problem since penalties and legally mandated courses of action following a breach can differ based on what type of data is exposed. Health or financial information, for example, comes with stricter guidelines than, say, entries that merely list a customer’s zip code. The other issue that these findings highlight is that many companies still don’t fully understand what their priorities should be regarding data protection. With the massive volume of data produced these days, it makes little sense to use the most rigorous means of protection on everything. The costs are simply too high. Instead, according to Protiviti, organizations should classify their data and devote their resources towards keeping the “data that presents the greatest risk if exposed through a breach” under the tightest lock and key.