An Overview

This toolkit will help small businesses identify crucial data that should be safeguarded from external vulnerabilities as well as ways to classify it into different forms. The following sections covers various type of data that are important and the different categories it can be classified into. If you need more information on the following topics, make sure to check out the corresponding blog article for complete understanding.

What type of data needs to be protected

Protected health information is information, including demographic information, which relates to:

(1) the individual’s past, present, and future physical or mental health records,

(2) the provision of health care to the individual,

(3) the past, present, and future payment for the provision of health care to the individual,

(4) all information pertaining to the individual including social security information.

All personally identifiable data about the cardholder (i.e. account number, credit/debit card numbers, expiration date, data provided by the cardholder, other electronic data gathered by the merchant/agent, etc.). With the addition of tap-to-pay, it is now much easier to have your card information stolen by just standing near other people.

The government uses this number to keep track of your lifetime earnings and number of years worked and can lead to identity theft if not protected.

Username or email, in combination with password or security question and answer that would permit access to an online account.

Accounts within institutions or firms that deal with personal finances that may include investments, assets, or different types of transactions.

It may contain not only a person’s name, address and birthday, but also his or her SSN depending on the state in which the license was issued. This lethal combination can be used to steal someone’s identity and fraudulently open lines of credit in a person’s name.

Internet protocol (better known as IP) is used to relay information across network boundaries. It’s what allows you to be able to connect to the internet. IP address is a numerical label assigned to each device that is connected to the IP. With this information, cyberattackers can see your location, what you’re doing and even access devices connected to the network.

Data can be classified into following categories:


A dataset is classified as public if there is no harm or impact to the business in the event that the data set is disclosed or leaked. Examples of public data can be contact information, newsletters and press releases.


A dataset is classified as internal when the data contains information related to the organization that should be kept protected for exclusivity or ethical reasons. Examples are contract information, employee reviews and organization charts.


A dataset is classified as confidential if the dataset contains important data related to customers or business which could have significant impact on the organization. Examples of confidential data are social security numbers of employees or credit card information of customers.

Cyber attacks are real!

Learn more about the value of protecting personal data.

More Toolkits

Protection Toolkit

Responding Toolkit

Phishing Toolkit