What are sensitive data?
Sensitive data contains information that must not be unintentionally disclosed:
- for legal or ethical reasons
- due to proprietary considerations
- due to environmental or cultural considerations
Types of sensitive data
Personal data
Personal data relates to a living person who can be identified:
- directly from that information
- or indirectly through a combination of information
Directly identifiable data clearly identifies an individual. This could include name, address, email address, location data or certain online identifiers.
Indirectly identifiable personal data does not directly identify an individual. But, it might do so in combination with other information. Examples include:
- car registration number
- national insurance number
- or a combination of significant criteria such as age, occupation, or address
Special category data
Special category data is more sensitive and requires extra protection. This includes information about an individual’s:
- race or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetics
- biometrics (where used for ID purposes
- health
- sex life or sexual orientation
Criminal Offence data
Criminal offence data is personal data about criminal convictions, offences or related security measures. Criminal offence data requires extra protection. The use of this data could risk the rights and freedoms of individuals.
Culturally sensitive data
Culturally sensitive data is data that:
- may cause harm to an individual or community
- may have a significant negative public impact if released.
Environmentally sensitive data
Data can be environmentally sensitive if it relates to the location of rare or endangered plants, animals or vulnerable ecosystems.
Commercially sensitive data
Commercially sensitive data has the potential for commercial application. A restrictive commercial research funding agreement may apply to it.
Publishing sensitive data
It is important to remember that you do not have to share data if it is legally and ethically wrong to do so. You must have the authority or permission to share your data.
It is recommended that you design any data collection to ensure data can be publishing wherever possible. Some areas that could be addressed include:
- gaining consent from participants to share their data publicly in an anonymised format
- even where data can’t be shared, there may be aspects that can such as the metadata, methods, survey questions or a summary
- getting permission from any third parties that might hold rights to the data you used in your research
- if your research has the potential to be commercialised, you should contact Cambridge Enterprise before sharing your data.
Learn more about data protection, ethics and integrity
Information and policies on data protection, ethics and integrity