Sensitive Information

55 Pages Posted: 26 Sep 2014

See all articles by Paul Ohm

Paul Ohm

Georgetown University Law Center

Date Written: September 24, 2014


Almost every information privacy law provides special protection for certain categories of “sensitive information,” such as health, sex, or financial information. Even though this approach is widespread, the concept of sensitive information is woefully undertheorized. What is it about these categories that deserves special protection? This Article offers an extended examination of this question. It surveys dozens of laws and regulations to develop a multi-factor test for sensitivity.

From this survey, the Article concludes that sensitive information is connected to privacy harms affecting individuals. Consistent with this, at least for the case of privacy in large databases, it recommends a new “threat modeling” approach to assessing the risk of harm in privacy law, borrowing from the computer security literature. Applying this approach it concludes that we should create new laws recognizing the sensitivity of currently unprotected forms of information — most importantly geolocation and some forms of metadata — because they present significant risk of privacy harm.

Keywords: privacy, information privacy, health, financial, education, sensitive, sensitive information

JEL Classification: K00, K23

Suggested Citation

Ohm, Paul, Sensitive Information (September 24, 2014). Southern California Law Review, Vol. 88, 2015, Forthcoming, Available at SSRN:

Paul Ohm (Contact Author)

Georgetown University Law Center ( email )

600 New Jersey Avenue, NW
Washington, DC 20001
United States
202-662-9685 (Phone)

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics