Download eBook (PDF) - Red Gate Software

CHAPTER 1: UNDERSTANDINGSENSITIVE DATAData is a form of currency. As members of society, we provide informationabout ourselves to gain access to services and goods that we desire. We collectinformation about others in order to market our services and obtain verificationof identity. As Database Professionals it is our lifeblood. We labor daily tostore, backup, transfer, transform, share, report, analyze and protect data.Ultimately, our primary concern is protection of the data's integrity, availabilityand confidentiality.In order to effectively protect our sensitive data, it is critical that we understandthe characteristics that define that data as being sensitive. In this chapter, wewill explore the characteristics that make data sensitive, present specificexamples of sensitive data and discuss some of the weapons available to theDatabase Administrators that are employed to protect it.What Makes Data Sensitive?Subjectively, sensitive data can be defined simply as information that theholder does not wish to share publicly. A wild array of information could fallinto this category, depending upon the motivation of the holder at any giventime. This could include the refusal to supply their phone number, birth date, ortheir adoration of a not-so-popular celebrity.Objectively, there are laws, regulations and industry standards that provide asolid framework for defining sensitive data. A few examples of these are theUnited Kingdom's Data Protection Act of 1998, Canada's Personal InformationProtection and Electronic Information Act and the United States Department ofHealth and Human Services' Privacy Rule of the Health Insurance Portabilityand Accountability Act.Personal, Identifiable and Sensitive DataThe terminology used when referring to the protection of information can beconfusing. Gaining an understanding of the subtleties of these terms willprovide the clarity needed to identify the sensitivity of our data.19