In our previous post (Five Simple Steps to Manage the Risk of Handling Sensitive Data) we explored ways you can manage your risk by securing sensitive data. If you recall, the first step was “Know what you’re collecting and why.” Sounds easy enough, but that’s for data you collect. What about data you already have?

In this post, we’ll explore five examples of data that your business probably already handles (because most do).

1. Customer Information

Every business needs to know its customers and probably stores some information about them. This might include names, addresses, identifying information, contact information, and might even include highly sensitive data like payment information or tax returns. When your customers hand over their information, they expect you to protect it carefully. Nowadays, consumers and businesses alike are becoming very aware of where their data is by the repeat headlines of security breaches. Your reputation could be hurt or you could face civil criminal penalties if their data is leaked by your company.

2. Employee Information

Your team is your company’s most valuable asset! When you hire a team member, they entrust you with their personal information. This usually includes their banking information, identity data (social security number etc), and other personal data. Imagine the frustration you would experience if your boss had to tell you that a breach resulted in this highly sensitive information being leaked.


3. Intellectual Property and Trade Secrets

Pretty much every company has – or has access to – proprietary information of some sort. This could be your business plans, schematics, competitive research, unreleased news, and more. This data is a hot target for cybercriminals because a lot of it can be sold for very large sums of money. If the proprietary information that belongs to your company or a trusted partner is leaked, it could cause catastrophic damage!

This category also extends to information that might be protected by non-disclosure or similar agreements. In the event of a breach, you could be subject to significant liability.

4. Operational Data

This is a broad company that encompasses any generalized business data and will vary by industry. For example, if you sell physical products, your sales figures might fit into this category.


5. Industry Specific Data

This covers sensitive information specific to your industry. For example, a law firm needs to closely guard information protected by attorney-client privilege and case information that should not be released. An accounting practice might have a treasure trove of tax returns that need to be carefully protected. In the medical field, health information must be protected according to regulation (HIPAA).

It’s important to note that customers aren’t always aware they’ve provided you information—or where that information is living. For example, patients in a hospital provide information to their health care providers, but if that information is housed through a third-party, the patient may not know that their personal data is susceptible to risk.


This guide should provide you with a good baseline to help you identify sensitive information within your organization. If you need help securing your data, reserve a free business technology assessment here.