Post by The NAI
11,061 followers
❓Ask three companies whether a piece of data is "sensitive health data" and you may get three different answers. That lack of uniformity was one of the clearest findings from our 2025 reviews. States define health-related sensitive data very differently — some narrowly (only data revealing a diagnosis), others broadly (anything touching past, present, or future health status). We saw members respond in three ways, each with a cost: → Over-classifying everything health-adjacent as sensitive (operational drag) → Under-classifying and missing genuinely sensitive data (a compliance gap) → Withdrawing from jurisdictions altogether (lost market) None of those is a great place to be. 🛠️ So we built a tool: the Factor Analysis for Health-Related Sensitive Personal Information. It introduces five factors for reasoning through close cases — the source of the data, its contents, its intended use, whether consumers have a heightened expectation of privacy, and the risk of harm. Sensitivity is contextual. Even neutral data can become sensitive depending on how it's collected and used. The Factor Analysis is built to help you reason through that, not guess. ↓ To find out more, check out the link in the comments ↓ #SensitiveData #HealthData #DataPrivacy #AdTech #PrivacyCompliance