Sensitive Data
Definition
A category of personal data that requires heightened protection due to its nature. Typically includes racial or ethnic origin, religious beliefs, health data, sexual orientation, genetic and biometric data, precise geolocation, and data from known children. Most laws require opt-in consent before processing sensitive data.
Legal Definition
Under the VCDPA (Va. Code 59.1-575): "a category of personal data that includes (i) data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (ii) processing of genetic or biometric data for uniquely identifying a natural person; (iii) personal data collected from a known child; or (iv) precise geolocation data."
Practical Example
A health and fitness app collects users' health conditions and precise GPS location. Both data points are classified as sensitive data, requiring the app to obtain opt-in consent before collecting or processing this information.
Frequently Asked Questions
Is financial data considered sensitive data?
It varies by state. New Jersey's NJDPA explicitly includes financial account information in its definition of sensitive data. Most other state laws do not classify general financial data as sensitive, though it may be protected under separate financial privacy laws like the GLBA.
Do all states require opt-in consent for sensitive data?
Most states require opt-in consent before processing sensitive data. Utah is a notable exception, requiring only that consumers be given notice and an opportunity to opt out of sensitive data processing.