Definition - What does Sensitive Information mean?
Sensitive information refers to privileged or proprietary information that only certain people are allowed to see and that is therefore not accessible to everyone. If sensitive information is lost or used in any way other than intended, the result can be severe damage to the people or organization to which that information belongs.
Sensitive information may also be called a sensitive asset.
Techopedia explains Sensitive Information
Some examples of sensitive information are as follows:
- Personal information, including Social Security Number and bank credentials
- Trade secrets
- System vulnerability reports
- Pre-solicitation procurement documentation, including work statements
- Computer security deficiency reports
According the Computer Security Act of 1987, organizations must be held responsible for protecting their own sensitive information by providing one or more of the following:
- Confidentiality: Sensitive information should only be accessible to those who are allowed to see it, not just those who wish to see it.
- Integrity: Unauthorized users should not be able to make changes to the information, thus compromising its integrity.
- Availability: Information must be accessible during a certain time and may not be destroyed during that time frame. People with permission to view the data must be able to view it.
The Computer Security Act also requires federal agencies to identify their computer systems that contain sensitive information, establish training programs to increase security awareness, and establish a plan for the security of each computer system with sensitive information.
Sensitive information is not the same as classified information, which is a type of sensitive information in which access is governed by law.
Some sensitive information is called sensitive unclassified information. This is information that needs to be protected, but does not require strict classifications, such as those used for national security information.