"Quite often in the past, government agencies have gotten bad publicity when individually unclassified bits of information were made public [and led to] huge headlines," Pescatore said. Therefore, there's a natural tendency to sometimes over-classify data within government agencies, he said.
There is also a tendency by government agencies to overestimate the cost of protecting classified data, Pescatore said.
Government agencies at times also underestimates the risks and costs associated with not classifying data properly, Pescatore said.
"When the Web first reached government use, many government agencies put unclassified floor plans, phone lists [and other data] on their websites," he said. "When it was pointed out that this made it much easier for terrorists to plan, they had to remove all that," resulting in some very real, but often, underestimated costs, he said.
"So, I think there is perennial overhype about over-classification and perennial denial about the real need for "need to know" controls," for accessing classified data, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His email address is firstname.lastname@example.org.
Read more about government/industries in Computerworld's Government/Industries Topic Center.