Data security breaches can have a significant impact on an organisation’s reputation. We look at how the threat landscape has changed for businesses. We introduce a data-centric approach to security which involves users themselves in classifying information. We then introduce a practical guidance on how to take the first steps in deploying an organisation wide user-driven data classification policy. We also look at the drivers behind the change both technical and cultural, and the challenges involved in managing, controlling and protecting data. We are happy to provide an overview of the challenges we face in this whitepaper.”]