The scope of our efforts and the controls required for data security change as what we consider sensitive data and data environments change. This report outlines how to think about data security today to bring clarity to your efforts, highlights new considerations for your scope of focus, and distinguishes between three key types of data risks. It also examines measures to take to further advance your data security program.