Handling Sensitive Data – CompTIA Security+ SY0-501 – 5.8

Different types of data need to be uniquely managed. In this video, you’ll learn about labeling sensitive data and some common sensitive data types.

<< Previous Video: Data Destruction Next: Data Roles and Retention >>


In your organization, you’re going to be working with lots of different kinds of data. But not all of the data has the same level of sensitivity. For example, a license tag number may not be as important to keep confidential as someone’s health records. Different types of data need to have different types of security and handling associated with them. There may be additional permissions that you add to a particular type of data or they may be different business processes that you have in place that would then allow someone access to that data.

Some of the data in your environment may be public or unclassified. This means that anybody could gain access to the data and there would be no restrictions on anyone being able to view that information. Other types of labels may be a bit more restrictive, such as private or classified. You might have internal use only. This would be data with restricted access that you would only provide or allow someone else to see if they had a non-disclosure agreement in place.

Or you might have confidential data, which would be very sensitive data that only certain people might be approved to be able to access. Data that’s the personal property of an organization is called proprietary data. This might be trade secrets or things that only that organization is privy to. This is data that you usually don’t find somewhere else. It’s usually customized and created solely by that organization.

Another type of sensitive data type is PII, or personally identifiable information. This is data that can be used to identify an individual, something like your name, or your date of birth, or a biometric reading would be something associated with PII. If you work in health care, then you work with PHI, or protected health information. This is medical information that can be associated with a person. Your health care records, the payments that you’ve made for your health care, your insurance information, and other details about your medical care are part of PHI.