Sensitivity of Information

Some personal information is more sensitive than other personal information. The more sensitive the personal information is, the higher the risks would be if there were a privacy breach involving that personal information. For example, business contact information is technically personal information, but it is generally unlikely that an individual will suffer harm if his or her business contact information is publicly available. For that reason, the FOIP Act allows the university to disclose business contact information publicly as long as it is limited to that individual's business contact information, including business title, address, telephone number, facsimile number and e-mail address.

Examples at the other end of the spectrum include credit card information and health information of an individual - these are considered highly sensitive. If credit card information gets into the hands of the wrong person, there could be a high risk of identity theft. If health information of an individual gets into the hands of the wrong person, there could be a high risk of hurt or humiliation.

The university has an obligation to make reasonable safeguards to protect personal information that it holds. In general, the greater the sensitivity of the information, the greater the safeguards should be.

For more information and examples of the sensitivity of personal information, please see the Government of Alberta's "Data and Information Security Classification Guideline", which can be found at the following link.