What is sensitive data?
Sensitive data is any type of information that requires protection due to its private or confidential nature according to compliance regulations. It is sensitive because making it public could harm an organisation or a person. Naturally, the specific types of data that are considered sensitive can vary depending on your industry and your local legal requirements. In this article, we’ll talk about sensitive data that falls into two categories:
- Business data
- Personal data
Of course, these are two very broad categories, so let’s get into what they may include. Then, we’ll discuss how you can map and track all of that data to make sure it stays private.
Your sensitive business data
Business data is all the information that supports your company and its operations. Indeed, most of this information should be kept confidential. Why? Because the valuable data you’ve accumulated over the years in the course of business can give you a competitive advantage in your field. And in some cases, you may also be legally obliged to keep business data private. Here are some examples of business data you should keep track of and protect:
Financial information
Your financial statements, budgets, revenue figures, profit margins, investment strategies, or financial projections.
Business plans
Your strategic objectives, market research, expansion plans, product development, or competitive analysis.
Marketing and sales data
Marketing strategies, pricing information, customer acquisition plans, market research and analysis data.
Supply chain information
Your suppliers, vendors, sourcing strategies, procurement processes, and distribution networks.
Research and development (R&D) data
Research projects, product prototypes, technical specifications, testing procedures and more.
Manufacturing processes
Proprietary methods, formulas, recipes, or techniques used in the production or manufacturing of products.
Partnership or collaboration agreements
Joint venture agreements, licensing agreements, or contracts that contain proprietary or confidential terms.
IT infrastructure and security data
Network configurations, system designs, security protocols, access control mechanisms, and encryption keys.
Internal communications
Confidential memos, meeting minutes, board discussions, or any internal correspondence with sensitive strategic information.
Trade secrets
Proprietary algorithms, formulas, manufacturing processes, and other intellectual property.
Legal data
Non-disclosure agreements, court documents, correspondence with legal counsel, and settlement agreements.
Just as a person is harmed when the wrong party gets hold of their personal data, your company is harmed when others gain access to your business data. So make sure you track and protect all the business data we’ve listed above.
Your sensitive personal data
In addition to your sensitive business data, you probably also store a lot of sensitive personal data. It can be information about your employees, customers, contacts, etc. Some of the personal data you store is PII (Personally Identifiable Information), while some falls under the category of sensitive personal information.
PII includes information such as:
- Name
- Address
- Date of birth
- Place of birth
- Mother’s maiden name
Sensitive personal data includes:
- Race and ethnicity
- Religion
- Political opinions
- Biometric data
- Genetic data
- Sexual orientation
- Health
- Trade union relations
Both people’s PII and their sensitive personal information (special category data) are protected by privacy regulations. Do you know where you store this type of information? Your employees’ data or human resources data includes payroll information, benefits data, performance evaluations, disciplinary actions, CVs, and all the private information they contain.
When it comes to customer and client information, you may store it in a variety of places, for example in customer databases, contact lists, customer preferences, purchase history, or any personally identifiable information (PII) collected from clients.
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees’ e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company’s e-mails.
Protection of sensitive data
Taking all these items into account, there is a good chance that you store loads of business and personal data that is sensitive. Certainly, tracking all of it is a big job to tackle. But it’s crucial to do so. First of all, because it is in your company’s own best interest. Keeping a close eye on sensitive business and personal data helps you keep your competitive advantage and your customers’ trust.
Equally important is protecting the privacy of your customers, partners, and employees. Even more than avoiding fines, the small and medium business owners we deal with care about people’s privacy. Above all, they want to be certain they never leak or expose confidential data in a way that could harm them.
How to map your business and personal data
So how can you track sensitive business and personal data? Ultimately, most companies just don’t have the time to sort through all their data manually. Instead, use a data discovery tool to quickly identify all the critical business and personal files in your systems. At Safe Online we have developed DataMapper – a data discovery tool that can find any type of sensitive data.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist