Personal & Sensitive Data – What is the difference?
When we consider the factors of a data breach breach, we understand that there is some form of personal and sensitive information about ones self that has been exposed without your consent.
But, what determines whether the data exposed is classified as ‘sensitive’ or ‘personal’. As all information about yourself you would deem as personal to you, but to what extent makes the information sensitive? Would you classify your full name, email address and telephone number as ‘sensitive’ data?
Personal data – What is it? Any information which makes you identifiable.
- If your full name is used on a work email then this email address alone makes you easy to identify. (Your name **** who works at **** .co.uk)
- You can also be contacted ‘personally’ via using your telephone number and or email address, therefore, these pieces of information would also be classed as personal information.
- Your physical presence in a place/location will also identify you, therefore CCTV footage and fingerprints will be able to identify you.
List of Personal data attributes:
- A name and surname
- A home address
- An email address
- An identification card number
- Location data
- An Internet Protocol (IP) address
- The advertising identifier of your phone
Sensitive data – What is it? Any information which must be treated with extra security.
- Ethnic minority
- Political opinions
- Religious/philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data (where processed to uniquely identify someone).
Sensitive data such as the above points should be stored separately from other personal data.
For example: Separate data bases should withhold personal and sensitive data separately. These databases should then be password protected and encrypted where possible to prevent hackers being able to access and utilise.
In terms of a data breach claim aspect here at Angelus Law; if a data breach compromises sensitive data and personal data; we would heighten this to the defendant.
We would outline that the more sensitive attributes of the breach which would further identify you as our client; therefore would rank the breach at a much higher level.