Information sensitivity determines who should have access to information, in which circumstances, and when. If data could potentially compromise an individual or organization in some way, it is more sensitive, and needs to be handled with care. Organizations with special information needs may have a sensitivity policy to familiarize staff with the issues and increase the security of their data. In some cases, it may be necessary to sign the policy to indicate understanding before people can access information.
Data held by an organization in electronic or physical files may be assigned one of several ranks based on the level of sensitivity. Some information doesn’t compromise companies if it is public, and may, in fact, offer a number of benefits. For example, universities publicize enrollment numbers, making them available to anyone who wants to know, at any time. Other information has a potential to be sensitive in some circumstances and might need to be kept confidential. Degrees of information sensitivity can vary.
Organizations with concerns about information sensitivity need to think about who should be authorized to view information, and what should happen if unauthorized personnel gain access. Enrollment details for college classes, for example, are potentially sensitive, and should be limited to instructors, teaching assistants, administrators, and academic advisers. In special circumstances it might be necessary to share it with other organizations, like librarians who want to determine if a student should have access to a class resource, or mental health professionals who want to work with a student who is experiencing distress.
Some professions traditionally have a high level of information sensitivity. Doctors, attorneys, and religious officiants cannot share information provided in confidence, and rely on this protection to access accurate information they can use to help people. Patients might not be open about symptoms and history, for example, if they think their doctors will share this with the rest of the world. Likewise, attorney-client confidentiality allows clients to talk frankly with their legal advisers about issues without needing to worry about being penalized for it.
Government jobs can also come with a high level of information sensitivity, as can those in research and development with large companies. In both cases, information could compromise an organization as a whole by highlighting vulnerabilities, warning competitors, or ruining a plan. Penalties for breaches might include being fired or charged in court, depending on the nature of the disclosure and the circumstances. These enforce the sensitivity policy, providing an incentive for people to adhere to it.