In this data-driven world, we approached data from a complex systems perspective and assigned 5 data domains or “faces” as follows: Form Factors, Applications, Categories, End-Users, and Scale.  In Part 1 – Form Factors,[1] we identified some of the data devices through which data impacts upon us, and we impact upon the data.  In Part 2 – Applications,[2] we looked at the tools we use to collect, collate, and manipulate that data.  Now, in Part 3, we look at some of the different “Categories” of this Data.



These are the different ways in which we describe, define, and otherwise compartmentalize our data, in order to make it more malleable, manageable, and ultimately intelligible.

Level 2 (management): At this level, we have placed just two options: (i) an Externalized one for aggregation and analytics; and (ii) an Internalized one for commoditization and consumption.  In the first category, we have the original “Big Data” as collected, which is then aggregated and analyzed in various ways, by person and/or by machine.  It is the end-product in pieces, predictions and prognostications, or printouts, which is then packaged into more manageable morsels for the ultimate consumer.  That ultimate consumer can be any or all of a business, an individual or group, or a government or government agency.

Level 3 (security): As our focus is on the categories of data in a general sense, this “security” level will differ somewhat in its focus on the base-level “non-controls” or “intentional security lapses” that can now generally apply to data in three different spheres.  These, collectively termed “EULA3” or “EULA Cubed“,[3] are: (i) End-User Legal Authority; (ii) End-user License Autonomy; and (iii) End-User Leveraged Ability.  The first refers to the copyright exemption-like authority now permitting many end-users to further customize and develop commercial off-the-shelf software, such as screensavers, skins, avatars, and general gaming applications.[4]  The second refers to the various degrees of autonomy from traditional and restrictive use and geographic licensing that some consumers have, by using unlocked data devices – whether lawfully or not so lawfully unlocked.  This can range from having data devices function to reach data from geographic locations where they would not otherwise have been functioning; through number or service portability and the freedom it provides from multi-year service contracts with single providers; to opting-out of otherwise automated software updates and pre-sale software bundling.[5]  The third refers to the enhanced data-centric abilities that end-users now have as a result of the interconnected nature of data and the many faces of data.[6]  With the increasing expanse and depth of social media and apps for almost anything thinkable and unthinkable, there is no longer really any such thing as “use only as recommended”, because many future uses (Applications) of today’s data devices (Form Factors) – and of the data itself, are yet to be set-down or even known, and whether or not lawful where or when so ultimately used.

Level 4 (provenance): On this level, there are four categories for the origin of the data.  These are Social, Business, Personal and Government.  (i) Social as a source category, can include anything and everything ever put online.  (ii) Business as a source category, can include any and all personally identifiable, preference, contact information, and other data (personal data) voluntarily or involuntarily provided to a business by a consumer, or by another business.  Some restrictions on resale and usage, or transfer by and between internal divisions may apply, as per the entity’s Privacy Policy.  However, there can be exemptions for certain categories of data; additional concessions and goodies, such as rebates and special offers can be provided to customers who give the data custodian company carte blanche with regard to their provided data; and, of course, there are those instances where things go wrong or misplaced, or when careless business moves and messy business bankruptcies lead to provided data finding its way into dumpsters,[7] pawn shops,[8] second-hand and auctioned goods,[9] and to provided data being otherwise exposed through data breaches.[10]  (iii) Personal as a source category, may include spoken or written communications, non-verbal cues, and the contents of a lost wallet, purse, form factor, or mass storage device.  Finally, (iv) government as a source category, encompasses all the information that a government has (or could possibly have) on the individual or the business within its jurisdiction (or data-reach), for whatever reason, and from whatever other or intermediary origin point.

Level 5 (attack surfaces): As with the prior data domains covered – Form Factors and Applications – there are myriad, overlapping, and ever-multiplying attack vectors.  Here, we will merely identify the five transitional steps as attack surfaces within data categorization, where attacks may occur.  These are, at: (i) creation, collection, and collation; (ii) tokenization, encryption, and manipulation; (iii) storage and access; (iv) transmission and transportation (whether actual or virtual); and (v) disposal and destruction.[11]

Level 6 (aggregation): Finally, and just as with Applications, all Data “Categories” levels can be found and aggregated across the same 6 spaces as identified for Applications.  These are: (i) Cloud API; (ii) Datacenter; (iii) In-house server; (iv) workgroup; (v) single system desktop or laptop, social media, or gaming console/application; and (vi) mobile, to include tablet, smartphone, and wearable-tech.


The depth and breadth of Data as a complex system continue to be enhanced by the interactions of its five Domains, and of the many faces therein. Having now considered Form Factors, Applications, and Categories, our next and penultimate installment will consider the “End-Users” Data Domain.[12]



Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example:  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in legal, technological, and societal milieux.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example:

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

[1] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors).  Published on, November 1, 2013.  Online: ><

[2] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications).  Published on, December 27, 2013.  Online: ><

[3] Ekundayo George.  Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers (at section z:  “End-User Legal Authority/ License Autonomy/ Leveraged Ability (EULA3, or cubed)”).  Posted on, March 16, 2013.  Web: ><

[4] Id.

[5] Id.

[6] Id.

[7] Chris Saldana, Reporter.  Dumpster Full of Personal Information Discovered.  Posted on, September 18, 2007.  Online: ><

[8] Danielle Walker, Reporter. Doctor’s stolen laptop found at pawn shop; data of 652 patients exposed.  Posted on, April 1, 2013.   Online: ><

[9] Joe Willis, Regional Chief Reporter.  Workers’ personal information found in cabinet sold at auction.  Posted on, August 5, 2013.  Online: ><

[10] Sean Sposito.  Data breaches: It’s likely to happen to you. Published on, January 28, 2014.  Online: ><

[11] The 3 customary data state categorizations of: (A) Data at rest; (B) Data in use; and (C) Data in motion, are too limited for the purposes of our schema, and any comprehensive implementation of a Data Loss Prevention (DLP) regime.

[12] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 4 – End-Users)Posted on, April 9, 2014.   Online: ><

%d bloggers like this: