Cybersecurity Glossary: Sensitive Data (Information)

Sensitive information is data that must be guarded from unauthorized access and unwarranted disclosure in order to maintain the information security of an individual or organization. Unlike public information, this sensitive information is not collected from unrestricted directories, and does not include any information made lawfully available to the general
public from government records. This means that exposure of sensitive data can potentially cause financial or personal harm.

There are three main types of sensitive information:
Personal Information: Also called PII (personally identifiable information), personal information is any data that can be linked to a specific individual and used to facilitate identity theft. For example, knowing a person’s Social Security number and mother’s maiden name makes it easier to apply for a credit card in his or her name, and knowing the person’s passport and visa number makes it easier to create a false document.
Business Information: Sensitive business information is any data that would pose a risk to the company if released to a competitor or the general
public. For example, information such as intellectual property, trade secrets, or plans for a merger could all be harmful to the business if it fell into a rival’s hands. In addition, the breach of sensitive business information — such as customer and supplier records or cardholder data — would have substantial financial penalties. The company would have to spend money on responding to and recovering from the breach, and its reputation would fall among its stakeholders and customers.
Classified Information: Classified information is data that has been intentionally kept secret at a governmental level. It typically belongs to a certain tier of sensitivity (restricted, confidential, secret, or top secret)
that limits the people who have access to the information. Just as the release of sensitive personal and business information could cause personal or organizational harm, the breach of classified information has the potential to seriously endanger a government’s objectives and international standing.

View Cybersecurity Glossary