Personal vs. Sensitive Data Handling

📘 Module 1: Understanding Data Classifications (30 Minutes)

📖 Section 1.1: What is Personal Data?

• Definition: Any data that identifies or can be used to identify an individual
• Examples include: Name, email address, phone number, IP address, and photos

📖 Section 1.2: What is Sensitive Personal Data (SPD)?

• Definition and elevated protection status in law
• Examples: financial data, health records, biometric/genetic info, sexual orientation, caste, religion

📖 Section 1.3: Key Differences

• SPD poses higher risk if breached
• Requires higher legal thresholds for processing

📘 Module 2: Lawful Handling of Data (45 Minutes)

📖 Section 2.1: Consent and Purpose Limitation

• Explicit and informed consent for SPD
• Data should only be used for the declared purpose
• Transparent and user-friendly privacy notices

📖 Section 2.2: Data Minimization & Storage Practices

• Collect only what is necessary
• Implement data retention and archival policies
• Ensure secure disposal after retention period

📖 Section 2.3: Third-Party Sharing Rules

• Conduct due diligence before engaging processors
• Sign DPAs (Data Processing Agreements)
• Apply safeguards for international data transfers

📘 Module 3: Access Controls & Security Measures (30 Minutes)

📖 Section 3.1: Role-Based Access and Logging

• Grant access on a need-to-know basis only
• Maintain audit logs to track data access

📖 Section 3.2: Encryption, Masking, and Anonymization

• Encrypt sensitive data at rest and in transit
• Mask personal data in non-production environments
• Understand pseudonymization vs anonymization

📖 Section 3.3: Breach Handling for Sensitive Data

• Risk-based approach to breach reporting
• Regulatory and data subject notification obligations

🧠 Become data-wise — Learn to classify, protect, and handle personal and sensitive data with legal precision and technical safeguards.