Data sensitivity relates to the extent to which access to data should be limited and the potential risk associated with unauthorized access to data. Data can be classified along a spectrum from public to business sensitive.
Public data is any information that is in the public domain, the unauthorized access to which poses little or no risk. At the other end of the spectrum is business sensitive data, or data that must be strictly protected from access by outside and/or unauthorized parties. An example of sensitive data is Personally Identifiable Information, or PII. PII data permits the identity of an individual to be directly or indirectly discovered and includes home address, social security number, financial or medical records.
Business sensitive data includes intellectual property, trade secrets, and financial and customer data. If the project created must conform to data protection standards or regulations such as HIPPA, PCI-DSS, or GDPR, refer to those standards to discern the level of sensitivity, and therefore data protection, that must be configured into the project.
As noted, the level of data sensitivity can be chosen for the project by referring to the data protection standard to which the project must conform. Choose public if the data is generally available in the public domain. Choose business sensitive if access to the data must be strictly limited to authorized users, or categories of authorized users. Choose a setting between those two points depending upon the extent to which access to the data should be limited.