Search Information Security site


Highly Sensitive Data

Data that require restrictions on access under certain laws such as Virginia Code § 18.2-186.6. Breach of Personal Information Notification [3], or that may be protected from release in accordance with applicable law or regulation.

Highly Sensitive data (HSD) currently includes personal information that can lead to identity theft.  HSD is also any health information that reveals an individual’s health condition and/or medical history.

Specific examples include, but are not limited to:

    Any store or file of passwords or user-ids and passwords on any multi-user system or computer.

    Personal information that, if exposed, can lead to identity theft. "Personal information” means the first name or first initial and last name in combination with and linked to any one or more of the following data elements about the individual:

        Social security number;

        Driver’s license number or state identification card number issued in lieu of a driver’s license number;

        Passport number; or

        Financial account number, or credit card or debit card number, including any cardholder data in any form on a payment card.

Also considered HSD are any form of personally identifying information in combination with social security number (SSN), driver’s license number, passport number and/or financial account number.  For example, computing ID and driver’s license number, or home address and SSN.  Note that credit card numbers can never be stored either alone or in combination with any other identifiers.

Health information that, if exposed, can reveal an individual’s health condition and/or history of health services use. “Health information,” also known as “protected health information (PHI),” includes health records combined in any way with one or more of the data elements about the individual known as Health Insurance Portability and Accountability Act (HIPAA) regulated identifiers (see Medical Record Review [4]).

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form