What is Sensitive Data?

Table of contents

  1. Examples of sensitive data
  2. What is personal data?
  3. How to measure data sensitivity
  4. What is the impact of unauthorized disclosure of sensitive data?
  5. How to protect sensitive data
  6. How UpGuard can help you protect your most sensitive data

1. Examples of sensitive data

  • Personal information: as defined by the North Carolina Identity Theft Protection Act of 2005, a series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy.
  • Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under US law, PHI is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) and that can be linked to a specific individual.
  • Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
  • Customer information: as defined by the Gramm-Leach-Bliley Act (GLB Act, GLBA or the Financial Modernization Act of 1999), requiring financial institutions to explain how they share and protect their customers’ private information.
  • Cardholder data: as defined by the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an information security standard that tells organizations how to handle branded credit cards from the major card schemes.
  • Confidential personnel information: as defined by the State Personnel Act.
  • Confidential information: in accordance with the North Carolina Public Records Act.
  • Personal data: as defined by the EU General Data Protection Regulation (GDPR).
  • Racial or ethnic origin
  • Political opinion
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Health data
  • Sex life or sexual orientation
  • Financial information (bank account numbers and credit card numbers)
  • Classified information

2. What is personal data?

3. How to measure data sensitivity

What is confidentiality?

  1. Data encryption
  2. Passwords
  3. Two-factor authentication
  4. Biometric verification
  5. Security tokens
  6. Key fobs
  7. Soft tokens
  8. Limiting where information appears
  9. Limiting the number of times information can be transmitted
  10. Storing on air gapped computers
  11. Storing on disconnected storage devices
  12. Storing in hard copy only

What is integrity?

  1. File permissions
  2. User access controls
  3. Audit logs
  4. Version control
  5. Cryptographic checksums
  6. Backups
  7. Redundancies

What is availability?

  1. Maintaining hardware and making repairs immediately
  2. Patching software as soon as possible
  3. Providing adequate communication bandwidth
  4. Fast and adaptive disaster recovery with a comprehensive disaster recovery plan
  5. Safeguards against data loss or interruption during natural disasters and fire
  6. Extra security equipment and software such as firewalls and additional servers that guard against downtime and prevent denial-of-service (DoS) attacks

4. What is the impact of unauthorized disclosure of sensitive data?

  • provide data breach notifications
  • appoint a data-protection officer
  • require user consent for data processing
  • anonymize data for privacy
  • Notify those affected as soon as possible
  • Let the government know as soon as possible
  • Pay some sort of fine

5. How to protect sensitive data

  • Public information: Information that is already a matter of public record or knowledge
  • Routine business information: Business information that is routinely shared with anyone from inside or outside your organization

6. How UpGuard can help you protect your most sensitive data
