Common Types of Protected and Sensitive Information

  1. Personally Identifiable Information: Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.[i]
  4. Protected Health Information: The Privacy Rule defines Protected Health Information (PHI) as individually identifiable health information held or maintained by a covered entity, or by its business associates acting for the covered entity, that is transmitted or maintained in any form or medium (including the individually identifiable health information of non-U.S. citizens). This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual, that is created or received by a health care provider, health plan, employer, or health care clearinghouse. For purposes of the Privacy Rule, genetic information is considered to be health information.
  3. Personally Identifiable Financial Information: Personally identifiable financial information (PIFI) is any information that a consumer provides to a financial institution that would not be available publicly. PIFI enables the unique searching, identification, and validation of a person’s financial information through a specialized database and/or system.  PIFI may include information such as an individual’s name, contact details, bank account number, credit card number, Social Security number, etc.[ii]
  5. Cardholder Data/Payment Card Industry (PCI) Information: At a minimum, cardholder data consists of the full Primary Account Number (PAN). Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code. Security-related information used to authenticate cardholders and/or authorize payment card transactions, including but not limited to card validation codes/values, full track data (from the magnetic stripe or equivalent on a chip), PINs, and PIN blocks, comprises additional data elements that may be transmitted or processed (but not stored) as part of a payment transaction.[iii]
  5. Confidential Information: “Confidential Information” means any nonpublic information pertaining to a company’s business. Confidential information includes information disclosed by company to you, and information developed by you and learned during or as a result of your employment with company, which you also agree is the company’s property.[iv]
  6. Intellectual Property: Knowledge, creative ideas, or expressions of the human mind that have commercial value and are protectable under copyright, patent, service mark, trademark, or trade secret laws from imitation, infringement, and dilution. Intellectual property includes brand names, discoveries, formulas, inventions, knowledge, registered designs, software, and works of an artistic, literary, or musical nature. It is one of the most readily tradable properties in the digital marketplace.[v]
  7. Confidential Unclassified Information: “CUI” is a government classification and is defined as information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies.[vi]
  8. Sensitive Information: Sensitive information is defined as information that is protected against unwarranted disclosure. Access to sensitive information should be safeguarded.  Protection of sensitive information may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.[vii]








