What Is Sensitive Data & Why You Need To Protect It

Vendor Risk Management

What Is Sensitive Data & Why You Need To Protect It
Written by Brian Thomas October 24, 2022

As a security professional navigating the new challenges constantly cropping up in cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your vendors would expect to be private and protected.

Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.

  1. Customer information
  2. Employee information
  3. Intellectual Property & Trade Secrets
  4. Operational & Inventory Information
  5. Industry-Specific Data

5 Common Examples Of Sensitive Data Flowing Through Your Network

1. Customer Information

Customer information is what many people think of first when they consider sensitive data. This could include examples of customer data like:

  • Full names 
  • Home addresses
  • Phone numbers
  • Payment card information
  • Bank account information
  • Social security numbers
  • Emails
  • Health information
  • Social media accounts
  • Drivers license numbers
  • Application attributes, and more.

2. Employee Data

Employee data is, in many ways, similar to customer information. You have your employee’s names, addresses, and social security numbers, and you may also have their banking information (for payment purposes), usernames and/or passwords used for company logins, or data associated with a credentialing process. This is sensitive information, making it critical for organizations to store it safely. Other examples of sensitive employee data can include:

  • Federal Tax IDs
  • VISA information
  • Veteran and disability data
  • Health insurance information
  • Confidential data privileges
  • Office addresses

A prime example of sensitive data’s real-world vulnerability is the unemployment fraud that occurred during COVID across the US when thousands of fraudulent unemployment claims were filed by hacksters with access to citizens’ private information. This caused disruption not only in individuals’ lives but also internally for companies who were penetrated by hackers seeking employee information they had left unprotected, leaving them vulnerable to financial and operational losses while they worked to help their employees.

3. Intellectual Property & Trade Secrets

Nearly every company has proprietary information stored in their network, with a third party, or in some kind of document management system. If you develop software, this could be code. If you’re a hardware developer, this could be schematics.

This example of sensitive data could also extend to product specifications, competitive research, or anything that would fall under a non-disclosure agreement with a vendor.

Specifically, let’s say company A is developing a phone and company B is helping with a design component. If company B is breached, company A is vulnerable to having sensitive information exposed—which could be catastrophic.

4. Operational & Inventory Information

This example of sensitive data includes any generalized business operations or inventory figures. For businesses that sell physical products, it’s likely they don’t want sales figures disclosed publicly or accessed by their competitors. Sensitive data is not always personal or individual data, but company-wide information that could impact business decisions, reputation, and operations if exposed.

5. Industry-Specific Data

Depending on your industry, there may be specific examples of sensitive information you need to protect. Those in retail have to focus on protecting customers’ payment data, whereas those in the healthcare sector have to focus more on protecting digitally-stored medical records, medical research data, to name a few.

This list certainly is not exhaustive, but is meant to get you thinking about what types of should be considered sensitive data. From obvious examples like proprietary source code, information on legal case, to seemingly insignificant information on where employees park could all be targeted depending on your organization.

It’s also important to note that customers aren’t always aware they’ve provided you information—or where that information is living. For example, patients in a hospital provide information to their health care providers, but if that information is housed through a third-party, the patient may not know that their personal data is susceptible to risk.

Ultimately, it is up to you and your organization to determine what data is the most sensitive and what can be done to minimize the threats to it.