Every business, whether large or small, collects some form of sensitive data. In this blog post and video, we explore what sensitive data consists of, the four levels of data sensitivity and how your business can keep your confidential data protected.

What is Sensitive Data?

Sensitive Data is described as any classified information that requires permission to be accessed. This can include personal data, business data, financial data as well as government information. With federal laws and regulations surrounding sensitive data, businesses must take the proper steps to protect any classified data they have.

Some of the most noteworthy sensitive data that businesses collect are PII (Personally Identifiable Information) and PHI (Protected Health Information). Not all data is the same however, see below for the 4 different levels of sensitive data.

4 Levels of Data Sensitivity


Low (Public Information)

Public information is the lowest level of sensitive data and is available to the public. This type of information can include press releases, directories, business proposals, website content, marketing material etc.

Moderate (Internal)

Data that has moderate sensitivity reflects information that is accessible to internal employees or those that have granted access. This can include travel documents, memos, internal communications, business plans and more.


High (Confidential)

Confidential data has the third highest level of sensitivity. Confidential data relates to personal and private information such as financial information, social security numbers, IT Security etc.


Restricted data has the highest level of data sensitivity and is often referred to as information that is ‘need-to-know’. This data includes, credit card details, PII, data protected by state or federal privacy regulations and employee health information to name a few. If restricted data becomes compromised, businesses could face legal fines or even criminal charges.

How to Handle Sensitive Data

Every business should have an understanding of how their information is collected, stored, and distributed. Having a clear blueprint of data collection will give business owners and IT admins better insight into what security measures need to be put in place to lock down certain data.  Questions that business owners and IT admins should ask are: where is my data located?, how is my data stored?, how does our data move physically or digitally from one domain to another? how is our data secured? what are the liability costs if certain data gets compromised?

Knowing this information can help you and your team put the proper safeguards in place to protect against Cybercriminals who are working every day to try and compromise data. Take a look below at some quick tips to help you and your business protect your sensitive data.

Tips for Protecting Sensitive Data:


Determine what data you are collecting, where it’s being stored and who has access to that data


Classify your data using the 4 data sensitivity levels: Low, Moderate, High and Restricted


Ensure that laws and regulations are being followed pertaining to restricted data, ex- HIPPA laws, privacy laws etc.


Perform a risk assessment or penetration testing to determine if your data can be breached 


Put security measures in place to safeguard data BEFORE your information is compromised  

Does your business or organization need assistance with securing your sensitive data?  GraVoc provides expert Information Security services including Governance, Risk and Compliance (GRC) Services to businesses nationwide. Click the button below to learn more about our services and how we can help. 

Related articles

Pin It on Pinterest

Share This