Data classification is a core component of defining and understanding data that security and risk (S&R) pros must protect, as well as identifying the way employees should handle it and the types of security controls that are necessary. Data classification tools, which include manual (user-driven) and automated classification, help organizations apply metadata tags to sensitive data. In this report, we examine adoption and market trends, the characteristics of firms that have implemented data classification, and methods of making the business case for these tools.