Overview#
Private data is data that is considered "private" by the Resource Owner's Data ClassificationData should be classified as Private data or Company Confidential when the unauthorized disclosure, alteration or destruction of that data could result in a moderate level of risk to the Entity or their affiliates.
By default, all data that is not explicitly classified should be treated as Private data or Company Confidential
A reasonable level of security controls should be applied to Private data.
Private data is typically any data considered private and includes:
- Personal data
- Personally Identifiable Information
- Patient Data
- any other data that is considered "private" by the Resource Owner's Data Classification
We contrast Private data to Personal data as it may be an Organizational Entity that considers the data to be Private data