Types of Sensitivities

One of the important insights that IBM Guardium DSPM provides about your inventory is the different types of sensitivities that are discovered in the data stores of cloud accounts.

Guardium DSPM supports four categories of sensitivities:

  • Personal Information that is tagged as Personal in the Data inventory page
  • Confidential Secrets that are tagged as Confidentiality label in the Data inventory page
  • Development Secrets that are tagged as Development in the Data inventory page
  • Financial Information that is tagged as Financial in the Data inventory page
  • Identifiable Information that is tagged as Identifiable in the Data inventory page

If you click the Sensitivities for a data store listed in the table of the Data inventory page, you can see the detailed list of different types of sensitivities of the data store that is detected in different files. In that list of files, you can click any of the Sensitivities of a file, for example, Person, Credit card, or email, to know more about the location of the sensitivities in the file.

In the Data inventory page, you can also click the Personal, Development , Financial, and Identifiable buttons to filter the sensitivities of the data store. To know more about filtering in the Data inventory page, see Filtering inventories.

The following table provides the different types of sensitivities that are categorized as Personal. These sensitivities are tagged as Personal in the Data inventory page in the Main sensitivities section in this page. These sensitivities expose personal information, such as name, email address, phone number, and so on.

Table 1. Personal Information Sensitivities
Sensitivity Description
Business email address A business email address
Date of birth A persons' date of birth.
Email address An email address is an identifier for an email account from where messages are delivered or received. It enables users of an email address to send and receive emails.
Location A location such as the full address, city, or state
NRP Describes the nationality (American, British, and so on) and the religion (Jewish, Christian, Muslim, Catholic, and so on) of an individual.
Person A persons' first name, last name, or full name
Personal email address A personal email address
Phone number Phone numbers of different regions that can include local landlines numbers, mobile phone numbers, and international numbers.
Security question A Security question is a common method of authenticating identity of individuals. Answers to security questions are commonly used for self-service password recovery. Security questions and answers can also be used as additional log in authentication factors.
UK post code The UK Postcode number is a unique identifier that is assigned to a specific geographic location in the United Kingdom. The postcode is used to identify a particular postal delivery area and to help ensure that mail and packages are delivered to the correct address.

The following table provides the different types of sensitivities that are categorized as Confidentiality Secrets. These sensitivities are tagged as Secrets in the Data inventory page in the Main sensitivities section. These sensitivities expose access secrets, keys, or tokens.

Table 2. Confidentiality Secrets Sensitivities
Sensitivity Description
Confidential Confidential label is a unique identifier of sensitive documents that is marked to protect your organization data.
Secret Secret label is a unique identifier of sensitive documents that contain confidential sensitive information. Such documents should be available for a specific audience, in a need-to-know bases, or with proper classification.
Top secret Top secret is a unique identifier of sensitive documents that contain confidential sensitive information. Such documents should be available for a specific audience with proper classification.
Controlled Unclassified Information Controlled Unclassified Information (CUI) label is a unique identifier for sensitive information.

The following table provides the different types of sensitivities that are categorized as Development Secrets. These sensitivities are tagged as Secrets in the Data inventory page in the Main sensitivities section. These sensitivities expose secrets that are labeled as confidential, top secret, and so on.

Table 3. Development Secrets Sensitivities
Sensitivity Description
AWS key An AWS access key or AWS secret access key that can be used to access an AWS account
Github token A GitHub token that can be used to access a GitHub repository
OAUTH token An OAuth token that can be used to authorize access to an application or device
Password A hardcoded password that can be used to access any sensitive information
Private key A common private key hat can be used to authorize access to any private information
Slack token A Slack token that can be used to authorize access to a channel or workspace to send information about a channel or workspace events
Stripe token A Stripe token that can be used to authorize access to some financial account

The following table provides the different types of sensitivities that are categorized as Financial Information. These sensitivities are tagged as Financial in the Data inventory page in the Main sensitivities section in this page. These sensitivities expose financial information, such as, credit card numbers, bank ID numbers.

Table 4. Financial Information Sensitivities
Sensitivity Description
ABA Routing Number The American Banking Association (ABA) routing number, also known as routing transit number (RTN), is used to facilitate the transfer of funds between banks, credit unions, and other financial institutions. ABA routing numbers are used to verify the identity of the financial institution and to authorize transactions such as wire transfers, ACH transfers, and direct deposits.
Brazil bank account A Brazil bank account number of an account holder by a financial institution that can be used as a unique identifier. Bank account numbers are used to verify the identity of the account holder and to authorize transactions with the bank.
Brazil branch bank Brazil branch bank refers to codes of the branches of banks in Brazil.
BR payment key The Brazilian payment key is a payment method developed by the Central Bank of Brazil that enables fast, online financial transactions.
Columbia tax ID A tax ID and a vital identification number issued by the tax authority of Columbia that can identify individuals and businesses within the Colombian tax system. It is essential for complying with tax obligations and conducting financial transactions.
Credit card A credit card number that can be used to verify the identity of the cardholder and to authorize transactions with merchants
Crypto BTC Bitcoin (BTC) crypto account numbers are unique identifiers that are used to send, receive, and store bitcoins on the Bitcoin network. Each Bitcoin address is unique and can be used to receive Bitcoin transactions from anyone around the world.
Crypto ETH Ethereum (ETH) crypto account numbers are unique identifiers that are used to send, receive, and store Ether and other digital assets on the Ethereum blockchain. Each Ethereum address is unique and can be used to receive and send Ether and other digital assets.
Crypto XMR Monero (XMR crypto account numbers are unique identifiers that are used to send, receive, and store Monero on the Monero network. Monero addresses are unique and can be used to receive and send Monero transactions privately because Monero transactions are confidential and untraceable.
Crypto wallet Crypto wallets safely store your private keys to your cryptocurrencies, keeping your crypto accessible all the time. They also allow you to send, receive, and spend currencies, such as Bitcoin and Ethereum.
Financial data Financial data includes information about an organization's income, expenses, assets, liabilities, and cash flow. Such data can be used to deduce the financial performance of the organization.
Greek tax identification number The Greek tax identification number is a unique identification number issued for the individuals and businesses in Greece. It is required for tax obligations, payments, and other financial transactions with the Greek government.
IBAN code IBAN (International Bank Account Number) is a unique code that can be used to identify an individual bank account in a particular country. By using IBAN codes, financial institutions can confirm the validity of a recipient's bank account and minimize the risk of errors or fraudulent activities in cross-border transactions.
IT fiscal code The Italian Fiscal Number is a unique identification code that is assigned to individuals and entities in Italy for tax and financial purposes. It is used for a wide range of transactions, such as opening a bank account, signing a lease agreement, or purchasing a property.
IT VAT code The Italian VAT code, also known as Partita IVA or Partita Identificativa, is a unique identification number that is assigned to individuals and businesses that operate in Italy. This code is mandatory for companies that conduct business in Italy and is used for tax purposes, including calculating and reporting VAT (Value Added Tax).
SFC license An essential official permit issued by Security and Features Commission (SFC) that authorizes local and foreign entities to do regulated activities within the securities and futures industry in Hong Kong.
US bank number A US bank account number of an account holder by a financial institution that can be used as a unique identifier. Bank account numbers are used to verify the identity of the account holder and to authorize transactions with the bank.
US ITIN The Internal Revenue Service (IRS) assigns a US Individual Taxpayer Identification Number (ITIN), a tax processing number, to individuals. It is assigned to those individuals who are required to have a US taxpayer identification number but are not eligible to obtain a Social Security number.

The following table provides the different types of sensitivities that are categorized as Identifiable Information. These sensitivities are tagged as Identifiable in the Data inventory page in the Main sensitivities section in this page. These sensitivities are identifiers, such as, medical license number, national identification number.

Table 5. Identifiable Information Sensitivities
Sensitivity Description
AS passport It is a unique identifier number that is assigned to citizens of Asian countries who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
AU ABN (Business ID) The Australian Business Number (ABN) is an identifier that is assigned to businesses in Australia. It is used for tax and business purposes and is required for any business with a turnover of $75,000 or more per year. The ABN is used to identify businesses to government agencies, suppliers, and customers.
AU ACN (Company ID) The Australian Company Number (ACN) is an identifier that is assigned to every company registered in Australia. It is used by government agencies, businesses, and the public to identify and access information about a company's activities and financial status.
AU medicare The Australian Government issues an Australian Medicare number, a unique identifier that enables the cardholder to receive rebates of medical expenses under Australia's Medicare system.
AU passport The Australian passport number is a unique identifier that is assigned to Australian citizens who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
AU TFN (Tax ID) The Australian Taxation Office issues an Australian Tax File Numbers (TFN), a unique identifier, to each taxpaying entity, an individual, company, superannuation fund, partnership, or trust.
BR CNH The Brazilian driver license or Brazilian Carteira Nacional de Habilitacao (BR CNH) is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
BR CNPJ (Company ID) The Cadastro Nacional de Pessoa Juridical (CNPJ) or National Registry of Legal Entities is an identification number of Brazilian companies recognized by the Brazilian Ministry of Revenue.
BR CPF (Tax ID) The Brazilian Cadastro de Pessoas Físicas (Individual Taxpayer Registry) numbers is assigned to individuals and businesses in Brazil. It is similar to the employer identification number (EIN) used in the United States and the value-added tax identification number (VATIN) used in the European Union.
BR driver license The Brazilian driver license is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
BR passport The Brazilian passport number is a unique identifier that is assigned to Brazilian citizens who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
CA OHIP The Canadian Ontario Health Insurance Plan (OHIP) card number is a unique identifier that is assigned to Ontario residents who are registered with the province's health insurance plan. The number is used to verify the identity of the individuals when they access healthcare services.
CA passport The Canadian passport number is a unique identifier that is assigned to Canadian citizens who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
CA SSN The Canada Social Security Number (SSN) or Canada Social Insurance Number (SIN) is a unique identifier that is assigned to individuals who are authorized to work in Canada. The SIN is used to verify the identity of the individuals when they access certain government services or financial transactions such as applying for credit or opening a bank account.
DEA license Common Drug Enforcement Administration (DEA) license numbers that are unique identifiers that are assigned to healthcare professionals, such as doctors or nurses. These numbers are used to verify the identity and credentials of the healthcare professional when they are practicing medicine or accessing certain government services.
Domain name A domain name is a string of text that is used to access a website from client software.
ES DNI (ID) The Documento Nacional de Identidad (DNI) or carnet de identidad is a national identity document compulsory for all citizens of Spain who are aged fourteen and above.
ES driver license The Spanish driver license is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
ES NIE (Foreigner ID) The abbreviation NIE stands for Número de Identidad de Extranjero in Spanish. It is the identification number for foreigners. The Spanish NIE number is a personal and unique tax identification number given to non-residents. It is used by the foreigners for academic, business, economic, or professional purposes related to Spain.
ES NIF The Spanish National identificación fiscal (NIF) number is a tax identification number that is assigned to individuals and businesses in Spain. It is similar to the employer identification number (EIN) used in the United States and the value-added tax identification number (VATIN) used in the European Union.
ES passport The Spanish passport number is a unique identifier that is assigned to Spanish citizens who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
ES SSN The Spanish Social Security Number (SSN) is a unique identifier that is assigned to individuals who are authorized to work in the Spain. The SSN is used to verify the identity of the individuals when they access certain government services or financial transactions, such as, apply for credit or open a bank account.
EU passport The European Union (EU) passport is a unique identifier that is assigned to citizens of any one of the 27 countries that are members of the EU. The EU passport is used to verify the identity of the individuals when they travel internationally or access certain government services. Holders of an EU passport can travel visa free in any of the member countries of EU and to a large number of third-countries the EU has bilateral agreements with.
GR AMKA The Greek social security number (GR AMKA) is an insurance ID that is needed for all the transactions regarding employment, insurance, pensions, and benefits in Greece. It is also used to issue or renew a health booklet that is required for every medical consultation in Greece because and tracks the health history of individuals.
GR driver license The Greek driver license is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
HKID The Hong Kong Identification number (HKID), is a unique identifier that is assigned to every individual in Hong Kong.
IL TZ The Israeli identification number, Teudat Zehut (TZ), is a unique identifier that is assigned to every individual in Israel.
IP address An Internet Protocol (IP) address that is a unique identifying number assigned to every device connected to the internet.
IT driver license The Italian driver license is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
IT identity card The Italian government assigns an Italian Identity Card number (Carta d'Identitỳ), a unique identifier, to Italian citizens. This number is used to verify the identity of the individual when they access certain government services, such as, apply for a passport or vote in elections.
IT passport The Italian passport number is a unique identifier that is assigned to Italian citizens who possess valid passports. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
Loyalty card number Loyalty card number is a unique number that is printed on the card held by a consumer, digitally or through a bar code. The card is provided to the consumer of a business organization to reward the customer for buying goods or services from the organization and to record information about what they buy.
Medical information Medical information is any medical condition of an individual, such as the medical history, diseases, and so on. It can be used to identify and target individuals with specific medical conditions, and can also be used for insurance fraud or other types of financial scams.
Medical license A Medical license is an occupational license that permits a person to legally practice medicine.
NDC The National Drug Code (NDC) is a unique number and a universal product identifier for human drugs in the United States.
NL BSN The Netherlands citizen service number (BSN) is a unique identifier assigned to Netherlands citizens. This number is used to verify the identity of the individual when they access certain government services, such as, apply for a passport or vote in elections in Netherlands.
NL driver license The Netherlands driver license number is a government-issued document that verifies an individual's ability to operate a vehicle in Netherlands. The driver's license number is a unique identifier that is assigned to each licensed driver. It is used to verify the identity of the drivers when they drive or access certain government services.
NL passport The Netherlands passport number is a unique identifier that is assigned to Dutch citizens who possess a valid passport. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
NPI number The NPI number is a unique identification number used by health care provider institutions, individuals, and plans. NPI numbers are used in their administrative and financial transactions.
Passport A passport is a document with a unique identifier number that is assigned to citizens of a particular country or geographical unit.
PH TIN The Philippines Taxpayer Identification Number (TIN) is a tax processing number. It is assigned to those individuals who are required to have a Philippines taxpayer identification number.
PT citizen card The Portuguese citizen card is a mandatory proof of citizenship for Portuguese individuals for civil identification before any public or private entity.
PT driver license The Portuguese driver license is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver and is used to verify the identity of the drivers when they drive or access certain government services.
PT NIF (Tax ID) The Portuguese National Identification Fiscal (NIF) number is a tax identification number that is assigned to individuals and businesses in Portugal. It is similar to the employer identification number (EIN) used in the United States and the value-added tax identification number (VATIN) used in the European Union.
SG NRIC/FIN (ID) The Singapore National Registration Identity Card (SG NRIC) number or Foreign Identification Number (FIN) is a unique identifier that is assigned to Singaporean citizens, permanent residents, foreign workers, and students who live and work in Singapore. This number is used to verify the identity of the individuals when they access certain government services or financial transactions, such as, apply for credit or open a bank account.
UK driver license The UK Driver License number is a government-issued document that verifies an individual's ability to operate a vehicle. The driver's license number is a unique identifier that is assigned to each licensed driver. It is used to verify the identity of the drivers when they drive or access certain government services.
UK NHS The UK National Health Service (NHS) number is a unique identifier that is assigned to every resident of the United Kingdom who is registered with the NHS. The NHS number is used to verify the identity of the individuals when they access healthcare services.
UK NIN The UK National Insurance Number (NIN) is a unique identifier that is assigned to individuals who live and work in the United Kingdom. The NIN is used to verify the identity of the individuals when they access certain government services.
US driver license The US Driver License number is a government-issued document that verifies an individual's ability to operate a vehicle (supporting multiple US states). The number is used to verify the identity of the drivers when they drive or access certain government services.
US passport The US passport number is a unique identifier that is assigned to US citizens who possess a valid passport. This number is used to verify the identity of the individuals when they travel internationally or access certain government services.
US SSN The US Social Security Number (SSN) is a unique identifier that is assigned to individuals who are authorized to work in the United States. The SSN is used to verify the identity of the individuals when they access certain government services or financial transactions, such as, apply for credit or open a bank account.

Apart from the four categories of sensitivities described in the tables, you can also request the creation of Custom Sensitivities. After the Custom Sensitivities are deployed in your environment, Guardium DSPM automatically starts to filter and categorize sensitive data that fits the pattern that you defined in the custom sensitivity. With this customized categorization of sensitivities, you have more control and visibility over your organizational sensitive data. You can contact customer support to create Custom Sensitivities.