Data sensitivity refers to specialized handling required for which types of data?

Data sensitivity focuses on information whose exposure or mishandling could harm individuals or violate privacy laws, so it requires stronger controls. PII is any data that could identify a person, directly or when combined with other information—things like names, addresses, Social Security numbers, and contact details. PHI is health information tied to an individual, such as medical records, diagnoses, or treatment data. Both types carry significant privacy and regulatory risk, so they demand strict protections like access controls, encryption, audit trails, data minimization, and clear handling policies. Public data, in contrast, is information intended for broad sharing and generally doesn’t require the same level of protection. Because PII and PHI require specialized handling to mitigate risk and comply with laws, choosing PII and PHI reflects the data sensitivity concept.