by CIO Staff

How the Online Personal Privacy Act Defines Sensitive Information

Jul 15, 2002

How much information are your users willing to give? The Online Personal Privacy Act would require companies to treat sensitive and nonsensitive personally identifiable information separately. But what’s sensitive and what’s nonsensitive? The bill includes the following definitions.

Sensitive data cannot be collected and shared with third parties unless the user explicitly opts in.

  • Medical data
  • Race or ethnicity
  • Political party affiliation
  • Religious beliefs
  • Sexual orientation
  • Social Security number
  • Sensitive financial information (includes income; account numbers, passwords and balances for financial accounts; insurance policy information; debt and loan obligations)

Nonsensitive data can be collected and shared with third parties as long as the company includes a notice at the time of collection that the user can opt out.

  • First and last name
  • Home or other physical address, including street name and name of city or town
  • E-mail address
  • Telephone number
  • Birth certificate number
  • Any other information that would permit physical or online contact.