Privacy & Data Handling
Recognise what counts as personal or confidential information and learn simple habits for handling data with care.
What you'll learn
- Recognise personal and confidential information when you see it
- Match how you handle data to how sensitive it is
- Build everyday habits that protect privacy
Most data problems aren’t dramatic breaches — they’re small, well-meaning slips. A spreadsheet of customer details emailed to the wrong address. A document marked confidential left on a printer. A chat message sharing more than it needed to. The reassuring truth is that careful data handling is mostly common sense, once you can recognise what you’re holding. This lesson helps you spot personal and confidential information, understand that not all data is equally sensitive, and pick up a few habits that keep you and the people whose data you touch out of trouble.
What counts as sensitive
Personal information is anything that identifies a living person — a name, email, phone number, address, ID number, or even a combination of small details that together point to someone. Confidential information is anything not meant for the outside world: unreleased plans, contracts, pricing, internal reports, or another person’s records. Plenty of data is both. A customer list is personal and confidential.
Not everything needs locking in a vault, though. A handy way to think about it is a data-classification ladder, from open information anyone can see, up through internal-only material, to confidential data, and finally the most sensitive personal records. The higher up the ladder, the more care each step deserves. Putting the right data on the right rung is the whole game — over-protecting public information wastes effort, while under-protecting sensitive records is where real harm starts.
The higher the rung, the more care each step deserves — match handling to sensitivity.
Handling data with care
The core principle is wonderfully simple: collect only what you need, share only with people who need it, and keep it only as long as you should. This is sometimes called need-to-know, and it protects everyone. If a colleague asks for a full customer export when they only need one record, the kind answer is to give them the one record. Less data in circulation means fewer chances for it to go astray.
When you send something sensitive, slow down for a heartbeat. Check the recipient’s address — autocomplete is a frequent culprit. Ask whether everyone on the thread actually needs the attachment. Use the company’s approved tools rather than personal email or a random file-sharing site, because those approved tools usually carry the protections that personal ones lack.
Before you hit send on anything personal or confidential, pause and ask: does this person need this, and is this the right channel? That two-second check prevents most data slips.
Small habits, big protection
Lock your screen when you step away. Don’t leave printed documents sitting on the printer or your desk overnight. Be careful talking about confidential matters in cafes, trains, or open offices where strangers can overhear. Avoid putting sensitive data into tools or apps the company hasn’t approved, however convenient they seem — you can’t be sure where that information ends up. None of these takes real effort; they’re just habits worth building.
And if something does go wrong — you sent data to the wrong person, or lost a device — report it quickly. Speed matters enormously with data incidents, because a fast response can often contain the damage before it spreads. Owning a mistake early is always better than hoping no one notices.
Spot it: Data sensitivity
Read each item and decide where it sits on the data-classification ladder, then check your answer.
Sort the data
Here's where each one goes:
- The company's published annual report on the website → Public — it's meant to be visible to everyone.
- An employee handbook shared with all staff → Internal — it's staff-only but not as sensitive as confidential data.
- Unreleased product launch plans and pricing → Confidential — need-to-know business information.
- A customer's SSN paired with name and address → Sensitive personal — the highest rung; personal identifiers with financial data need great care.
- A press release announcing a new hire → Public — press releases are meant for the outside world.
- A complete customer list with emails and phone numbers → Sensitive personal — combined personal information about multiple people deserves the highest protection.
How to use it
Weave these checks into your normal flow with phrases like:
- “Does this person actually need all of this, or just one part?”
- “Is this the approved tool for sending something sensitive?”
- “Let me double-check the recipient before I send.”
- “This feels confidential — let’s keep it on a need-to-know basis.”
You don’t need to memorise data law to handle information well. You need to recognise when something is personal or confidential, place it on the right rung of the ladder, share it only with those who genuinely need it, and speak up fast if something slips. Do that, and you’ll protect the people behind the data — which is, in the end, the whole point.
Quick check
1. A customer's name, email, and phone number together are an example of…
2. "Need-to-know" means…
3. If you email sensitive data to the wrong person, you should…