General discussion


What is sensitive data?

By jairo_leiva ·
I'm trying to find a definition of what sensitive data is, can someone help?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

An example of sensitive data

by davegaurav In reply to What is sensitive data?

As such it is difficult to give a comprehensive definition of "sensitive data", you can consider all that data to be sensitive which carries great importance and is quite possibly confidential. Your credit card number can be an instance of that. Hope this general definition will suffice and will trigger more specific ones.

Collapse -

Groups of sensitive areas

by generalist In reply to What is sensitive data?

Consider groups of sensitive data:

One concerns personal privacy. Here such things as Social Security Numbers, credit card numbers, passwords, medical history, debt history, purchase history and other items must be considered sensitive. Figure that if the data can be used for identity theft, or blackmail, it is sensitive.

Another area is business competition. Trade secrets, customer lists, marketing plans, R & D results, lawsuits and other items like this must be considered sensitive.If the data can be used to gain an competitive advantage or to tear a company down, it is sensitive.

When it comes to the military side of things, let the military decide what they consider to be sensitive. They are relative experts at it, though they sometimes accept suggestions if you know of potential leaks.

Collapse -

Excellent reply!

by admin In reply to Groups of sensitive areas

My first thought was that it really varies a lot depending on the business you are in, but your groupings are very helpful. :)
An article I would like to find at some point would have some cost-benefit analysis with some real-life scenarios to present at the company I primarily work for. i.e. x number of Social Security #'s were stolen @ company N and the cost to the company was y or some-such.
One of the things I run into is users who want all information protected and managers who don't see a cost benefit and therefore won't allocate resources to this. i.e. "Won't the credit card companies pay for any problems? I had my number stolen and they reversed the charges" etc. (of course you can see the different $ perspective here -users maynot be able to afford to cover themselves financially as long as the decision makers can) Anyway.... excellent answer. :)

Collapse -

Sensitive vs Cost/Benefit

by colink In reply to Excellent reply!

There are a whole raft of issues to consider when trying to understand and classify sensitive information (or data).
You need to consider the context in which the info is used for your business. Is it relevant only to a particular section, or does it affect everything the company does?
Next consider the impact if the information is not available. Would it stop the section from working, or could they work around it? What about the company? Would you bet the business on it?
Next consider the impact if it waspublic knowledge - anyone in the company could access and use it? Anyone from the public?
Next consider that, if it is important to the company, is your competition likely to have it also? If they likely don't have it does that give you market point advantage?
Group the information loosely, and then rate them in these categories. You wil be suprised how easy it is to come up with real figures on cost benefits. But be conservative, none the less. Then present it to the company board and you will get policies through really quickly!

Related Discussions

Related Forums