Moderately Sensitive Data is now called Sensitive Data

Effective March 20, 2020

Non-Substantive change: The term moderately sensitive data has been changed to sensitive data. The definition remains the same.

Data, records, and files that:

• may be withheld from release under the Virginia Freedom of Information Act (FOIA),

• are not public records,

• do not enable identity theft,

• are not protected health information (PHI).

Examples include information concerning the prevention of or response to cyber-attacks, or information that describes a security system used to control access to or use of an automated data processing or telecommunications system, or research records that do not contain Highly Sensitive Data, University ID numbers, i.e., those printed on University ID cards, and/or Family Educational Rights and Privacy Act-protected data not covered under the definition of “Highly Sensitive” data.  This category of data also includes any data or record covered by the exemptions listed in the Commonwealth of Virginia Freedom of Information Act).

Questions and concerns should be directed to [email protected]