Sensitive Information

Paul Ohm

University of Colorado Law School

September 24, 2014

Southern California Law Review, Vol. 88, 2015, Forthcoming

Almost every information privacy law provides special protection for certain categories of “sensitive information,” such as health, sex, or financial information. Even though this approach is widespread, the concept of sensitive information is woefully undertheorized. What is it about these categories that deserves special protection? This Article offers an extended examination of this question. It surveys dozens of laws and regulations to develop a multi-factor test for sensitivity.

From this survey, the Article concludes that sensitive information is connected to privacy harms affecting individuals. Consistent with this, at least for the case of privacy in large databases, it recommends a new “threat modeling” approach to assessing the risk of harm in privacy law, borrowing from the computer security literature. Applying this approach it concludes that we should create new laws recognizing the sensitivity of currently unprotected forms of information — most importantly geolocation and some forms of metadata — because they present significant risk of privacy harm.

Number of Pages in PDF File: 55

Keywords: privacy, information privacy, health, financial, education, sensitive, sensitive information

JEL Classification: K00, K23

Open PDF in Browser Download This Paper

Date posted: September 26, 2014  

Suggested Citation

Ohm, Paul, Sensitive Information (September 24, 2014). Southern California Law Review, Vol. 88, 2015, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2501002

Contact Information

Paul Ohm (Contact Author)
University of Colorado Law School ( email )
401 UCB
Boulder, CO 80309
United States
303-492-0384 (Phone)
303-492-1200 (Fax)

Feedback to SSRN

Paper statistics
Abstract Views: 3,487
Downloads: 603
Download Rank: 33,462