To start off, the group discussed their various successes and failures in trying to use data classification. What they determined is that while it’s still not widely employed, there are some techniques that have worked particularly well. Keeping it simple with models like PCI, PII and data governance and analytics worked best for most of the execs and teams. Discussions around structured versus unstructured databases were also had. Some companies tried to make their organizations more aware of data classification through regular email campaigns and teaching sessions. These methods had some mixed results. It’s a process that many CISOs are still fighting to get their organizations and employees to understand, but the group agreed that it is improving slowly but surely through incentivization and gamification. The group all agreed that data protection methods are vastly more present today than they were 15 years ago, however many of the methodologies used haven’t changed too much in that span of time.