Confidential Vs. Sensitive

This week in my Information Security class one of our assignments was to come up with definitions of confidential and sensitive information and list some examples.  I guess I never looked at them as falling in two different categories until now.  So today, since I work at a university, I will be showing you all the difference between confidential and sensitive data within a university setting along with examples.

Confidential Data  is stated to be institutional data for which there is a legal obligation not to disclose. These data elements require the highest levels of restriction due to the risk or harm that will result from disclosure or inappropriate use.

Eamples:

• All federally protected data
• Social Security and credit card numbers

Sensitive Data is stated to be institutional data that is not legally protected, but should not be made public and should only be disclosed under limited circumstances. Users must be granted specific authorization to access since the data's unauthorized disclosure, alteration, or destruction may cause perceivable damage to the institution.

Examples:

• All information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni), including but not limited to dates of birth, driver's license numbers, employee and student ID numbers, license plate numbers, and compensation information.

 

References

Sensitive vs Confidential. (n.d.). GHSU | Georgia Health Sciences University. Retrieved March 30, 2013, from http://www.georgiahealth.edu/faculty/orientation/itss/Sensitive.html