Objective 3.3 · High · 11 min

Data Types and Sensitivity

Categorizing data by type including regulated data, trade secrets, intellectual property, legal information, financial data, and understanding human-readable vs non-human readable data formats.

Understanding Data Types and Sensitivity

Different types of data require different levels of protection based on their sensitivity, regulatory requirements, and business value. Understanding data types is the foundation for implementing appropriate security controls.

Key data type categories:

  • Regulated data — Subject to legal compliance requirements
  • Trade secrets — Proprietary business information
  • Intellectual property — Creations of the mind with legal protections
  • Legal information — Attorney-client privileged data
  • Financial data — Payment cards, banking information

The 2017 Equifax breach exposed 147 million people's PII including Social Security numbers and birth dates—data types that are both regulated (requiring notification) and highly sensitive (enabling identity theft). Understanding data types determines both protection requirements and breach response obligations.

Proper data type identification drives classification, protection, and compliance decisions.

Why This Matters for the Exam

Data types and sensitivity are heavily tested on SY0-701 because protection requirements depend on what type of data you're handling. Questions cover regulatory categories, sensitivity levels, and appropriate handling.

Understanding data types helps with compliance requirements, data protection strategies, and incident response. Misidentifying data types leads to inadequate protection or compliance violations.

The exam tests recognition of data types and their associated requirements.

Deep Dive

What Types of Regulated Data Exist?

Regulated data is subject to legal requirements for protection, handling, and breach notification.

Common Regulated Data Types:

| Type  | Description                         | Regulation       |
|-------|-------------------------------------|------------------|
| PII   | Personally Identifiable Information | GDPR, state laws |
| PHI   | Protected Health Information        | HIPAA            |
| PCI   | Payment Card Industry data          | PCI-DSS          |
| FERPA | Student educational records         | FERPA            |
| GLBA  | Financial customer data             | GLBA             |

PII Examples:

Direct identifiers:
- Social Security Number
- Driver's license number
- Passport number
- Biometric data

Indirect identifiers (combined can identify):
- Date of birth
- ZIP code
- Gender
- Race/ethnicity

PHI Under HIPAA:

Health information + identifiers:
- Medical records
- Insurance information
- Payment for healthcare
- Any health-related data linked to identity

What Is Trade Secret Data?

Trade secrets are proprietary information that provides competitive advantage.

Trade Secret Characteristics:

| Characteristic     | Description                  |
|--------------------|------------------------------|
| Economic value     | Provides business advantage  |
| Secrecy            | Not publicly known           |
| Protection efforts | Reasonable security measures |

Trade Secret Examples:

  • Manufacturing processes
  • Chemical formulas (Coca-Cola recipe)
  • Customer lists
  • Pricing strategies
  • Source code
  • Algorithms

Trade Secret Protection:

Legal protection requires:
1. Information has value from being secret
2. Company takes reasonable steps to protect
3. Not publicly available

If leaked: May lose legal protection

What Is Intellectual Property?

Intellectual property (IP) refers to creations of the mind with legal protections.

IP Types:

| Type         | Protects          | Duration              |
|--------------|-------------------|-----------------------|
| Patent       | Inventions        | 20 years              |
| Copyright    | Creative works    | Life + 70 years       |
| Trademark    | Brand identifiers | Indefinite (with use) |
| Trade secret | Confidential info | Until disclosed       |

IP vs Trade Secret:

Patent: Public disclosure required, time-limited protection
Trade secret: No disclosure, protection as long as secret maintained

Example: Algorithm
- Patent: Disclose how it works, 20-year exclusive use
- Trade secret: Never disclose, protect indefinitely (if secret kept)

What Are Legal and Financial Data Types?

Legal Information:

| Type               | Description                    | Protection Requirement |
|--------------------|--------------------------------|------------------------|
| Attorney-client    | Privileged communications      | Highest protection     |
| Litigation hold    | Evidence for legal proceedings | Preservation required  |
| Contracts          | Legal agreements               | Confidentiality        |
| Regulatory filings | Compliance documents           | Retention requirements |

Financial Data:

| Type                 | Examples                 | Regulation       |
|----------------------|--------------------------|------------------|
| Cardholder data      | PAN, CVV, expiration     | PCI-DSS          |
| Banking data         | Account numbers, routing | GLBA             |
| Financial statements | Revenue, earnings        | SOX              |
| Tax records          | Returns, filings         | IRS requirements |

What Is Human-Readable vs Non-Human Readable Data?

Human-Readable Data:

Data that humans can directly interpret:
- Plain text documents
- Printed reports
- Displayed data on screens
- Physical documents

Security concern: Exposed to shoulder surfing and photography

Non-Human Readable Data:

Data requiring processing to interpret:
- Encrypted data
- Binary files
- Database storage
- Encoded data
- Machine code

Security benefit: Not directly viewable
Security concern: Still accessible with right tools

Format Comparison:

| Aspect                | Human-Readable    | Non-Human Readable         |
|-----------------------|-------------------|----------------------------|
| Direct viewing        | Yes               | No                         |
| Requires tools        | No                | Yes                        |
| Shoulder surfing risk | High              | Low                        |
| Storage efficiency    | Lower             | Higher                     |
| Examples              | CSV, TXT, reports | Binary, encrypted, encoded |
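The comparison above hides an important distinction inside "non-human readable": encoded data (Base64, binary packing) needs a tool to read but no secret, so anyone with the tool recovers it, while encrypted data needs the key. The following is an added example, not code from the original page: it takes one constructed PII record and scores it in plain CSV, Base64 and encrypted form against three questions (can a person read it off a screen, does the SSN appear as-is, can it be recovered without a key). The cipher is a small HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, chosen only so the example runs on the standard library; production systems should use AES-GCM from a vetted library.

```python
"""Human-readable vs non-human-readable: encoding hides data from the eye,
only encryption hides it from tools that lack the key.

Added example, not from the original page. RECORD is a constructed sample.
The cipher (HMAC-SHA256 keystream + encrypt-then-MAC) is an illustration
that needs no third-party package; use AES-GCM from a vetted library in practice.
"""
import base64
import hashlib
import hmac
import secrets

RECORD = b"name,ssn,dob\nPat Example,123-45-6789,1980-01-02\n"   # constructed sample PII
NONCE_LEN, TAG_LEN = 16, 32


def is_printable(data: bytes) -> bool:
    """Could a person read these bytes off a screen or printout at all?"""
    return all(32 <= b < 127 or b in b"\t\r\n" for b in data)


def exposes(data: bytes, secret_value: bytes) -> bool:
    """Shoulder-surfing test: does the sensitive value appear verbatim?"""
    return secret_value in data


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Separate keystream and MAC keys derived from one master key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)                       # fresh per message
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest() # integrity over nonce + ciphertext
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):                   # constant-time comparison
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def recoverable(key: bytes, blob: bytes, expected: bytes) -> bool:
    """True only if this key yields the expected plaintext."""
    try:
        return decrypt(key, blob) == expected
    except ValueError:
        return False


def compare_formats(key: bytes, record: bytes = RECORD, secret_value: bytes = b"123-45-6789") -> dict:
    """Score the same record stored as plain text, Base64 and ciphertext."""
    encoded = base64.b64encode(record)
    encrypted = encrypt(key, record)
    return {
        "plain": {"printable": is_printable(record), "exposes_ssn": exposes(record, secret_value),
                  "recoverable_without_key": True},
        "base64": {"printable": is_printable(encoded), "exposes_ssn": exposes(encoded, secret_value),
                   "recoverable_without_key": base64.b64decode(encoded) == record},
        "encrypted": {"printable": is_printable(encrypted), "exposes_ssn": exposes(encrypted, secret_value),
                      "recoverable_without_key": recoverable(secrets.token_bytes(32), encrypted, record),
                      "recoverable_with_key": recoverable(key, encrypted, record)},
    }


if __name__ == "__main__":
    for fmt, scores in compare_formats(secrets.token_bytes(32)).items():
        print(fmt, scores)
```

Running it shows the Base64 row is still printable text and recovers with one standard call, so it lowers shoulder-surfing risk but is not a protection control; only the encrypted row fails recovery without the key.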

How Do Data Types Affect Security Requirements?

Protection by Data Type:

| Data Type    | Encryption  | Access Control | Audit       | Retention  |
|--------------|-------------|----------------|-------------|------------|
| PII          | Required    | Strict         | Required    | Limited    |
| PHI          | Required    | Very strict    | Required    | 6+ years   |
| PCI          | Required    | Need-to-know   | Required    | Limited    |
| Trade secret | Recommended | Very strict    | Recommended | Indefinite |
| Public       | Optional    | Basic          | Optional    | Varies     |

How CompTIA Tests This

Example Analysis

Scenario: A healthcare organization stores the following data: patient medical records, employee Social Security numbers, credit card numbers for patient payments, and marketing materials. Categorize each data type and identify applicable regulations.

Analysis - Data Type Classification:

Data Inventory:

| Data                    | Type     | Regulation           | Sensitivity |
|-------------------------|----------|----------------------|-------------|
| Patient medical records | PHI      | HIPAA                | High        |
| Employee SSNs           | PII      | State laws, tax regs | High        |
| Credit card numbers     | PCI data | PCI-DSS              | High        |
| Marketing materials     | Public   | None                 | Low         |

Detailed Classification:

Patient Medical Records (PHI):

Regulation: HIPAA
Requirements:
- Encryption at rest and in transit
- Access controls with minimum necessary
- Audit logging
- Breach notification within 60 days
- Business associate agreements
- 6-year retention minimum

Employee SSNs (PII):

Regulations: State privacy laws, IRS requirements
Requirements:
- Encryption recommended
- Access limited to HR/payroll
- Retention per tax requirements
- Breach notification per state law

Credit Card Numbers (PCI):

Regulation: PCI-DSS
Requirements:
- Cannot store CVV after authorization
- Encrypt cardholder data
- Network segmentation
- Quarterly vulnerability scans
- Annual assessments
- Immediate breach response

Marketing Materials (Public):

Regulations: None
Requirements:
- Basic access controls
- Version control
- No special handling

Key insight: A single organization often handles multiple data types, each with different regulatory requirements. The strictest applicable requirement typically governs handling—if a system contains both PII and PHI, HIPAA requirements apply to the entire system.
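The scenario above is what a data-discovery or DLP classifier does in code: inventory each record's fields, decide which data types are present (direct identifiers, combined indirect identifiers, identifier + health data for PHI, a Luhn-valid PAN for PCI), flag CVV stored at rest, and then let the strictest applicable control govern the whole system. The block below is an added example, not code from the original page or any vendor tool. The field names, the detection rules and the weakest-to-strictest orderings are constructed assumptions; the per-type control levels are taken from the "Protection by Data Type" table above.

```python
"""Data-type classification and the "strictest requirement governs" rule.

Added example, not from the original page. Field names, detection rules
(SSN pattern, Luhn check for a PAN, two or more quasi-identifiers, PHI =
identifier + health data) and the strength orderings are assumptions made
for illustration; control levels per type follow the page's table.
"""
import re

# Control levels per data type, as on the page. Retention is left out: "limited"
# for PCI and "6+ years" for PHI apply to different fields and do not merge.
CONTROLS = {
    "PII":          {"encryption": "Required",    "access": "Strict",       "audit": "Required"},
    "PHI":          {"encryption": "Required",    "access": "Very strict",  "audit": "Required"},
    "PCI":          {"encryption": "Required",    "access": "Need-to-know", "audit": "Required"},
    "Trade secret": {"encryption": "Recommended", "access": "Very strict",  "audit": "Recommended"},
    "Public":       {"encryption": "Optional",    "access": "Basic",        "audit": "Optional"},
}
# Assumed orderings, weakest to strictest, used to pick the governing level.
SCALES = {
    "encryption": ["Optional", "Recommended", "Required"],
    "audit":      ["Optional", "Recommended", "Required"],
    "access":     ["Basic", "Strict", "Need-to-know", "Very strict"],
}

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
PAN_RE = re.compile(r"^\d{13,19}$")
DIRECT_IDENTIFIERS = {"name", "passport_number", "drivers_license", "biometric_template"}
QUASI_IDENTIFIERS = {"dob", "zip", "gender"}          # identify only in combination
HEALTH_FIELDS = {"diagnosis", "medical_record", "insurance_id"}
CARD_FIELDS = {"pan", "card_number"}


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: keeps random 16-digit strings from being called PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_record(record: dict) -> tuple[set, list]:
    """Return (data types present, compliance findings) for one record."""
    fields = {k.lower(): str(v).strip() for k, v in record.items()}
    types, findings = set(), []

    identified = bool(DIRECT_IDENTIFIERS & fields.keys())
    if SSN_RE.match(fields.get("ssn", "")):
        identified = True
    if len(QUASI_IDENTIFIERS & fields.keys()) >= 2:      # e.g. ZIP + DOB
        identified = True
    if identified:
        types.add("PII")
        if HEALTH_FIELDS & fields.keys():                # PHI needs BOTH identifier and health data
            types.add("PHI")

    for f in CARD_FIELDS & fields.keys():
        digits = fields[f].replace(" ", "").replace("-", "")
        if PAN_RE.match(digits) and luhn_valid(digits):
            types.add("PCI")
    if "cvv" in fields:
        findings.append("CVV present at rest: PCI-DSS forbids storing it after authorization")

    return (types or {"Public"}), findings


def governing_controls(types: set) -> dict:
    """Strictest applicable requirement governs a system holding these types."""
    merged = {}
    for t in types:
        for control, level in CONTROLS[t].items():
            scale = SCALES[control]
            if control not in merged or scale.index(level) > scale.index(merged[control]):
                merged[control] = level
    return merged


def classify_system(records: list) -> dict:
    """Inventory every record, then derive controls for the system as a whole."""
    all_types, all_findings = set(), []
    for r in records:
        t, f = classify_record(r)
        all_types |= t
        all_findings += f
    return {"types": all_types, "controls": governing_controls(all_types), "findings": all_findings}


# Constructed sample records mirroring the scenario: PHI, employee PII, a card
# payment that also stores the CVV, marketing copy, and a 16-digit non-PAN.
SAMPLE_RECORDS = [
    {"name": "Pat Example", "dob": "1980-01-02", "zip": "12345", "diagnosis": "E11.9"},
    {"employee_id": "E1001", "ssn": "123-45-6789"},
    {"order_id": "O77", "pan": "4111 1111 1111 1111", "expiry": "12/29", "cvv": "123"},
    {"title": "Spring brochure", "body": "Visit our new clinic"},
    {"order_id": "O78", "pan": "4111 1111 1111 1112"},
]

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(classify_record(r))
    print(classify_system(SAMPLE_RECORDS))
```

On the sample set the system as a whole lands on Very strict access control because PHI is present, even though the marketing record alone would only need Basic, which is the "strictest applicable requirement" rule in practice; the CVV finding shows that classification and compliance checking belong in the same pass.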

Key Terms

data types · data sensitivity · PII · PHI · regulated data · trade secrets · intellectual property · data classification

Common Mistakes

Treating all sensitive data the same—different data types have different regulatory requirements. PII, PHI, and PCI each have specific rules.
Forgetting indirect PII—data that can identify someone when combined (ZIP + DOB + gender) is also PII.
Assuming encryption alone is compliance—regulations require access controls, auditing, and breach response procedures too.
Ignoring trade secret protection requirements—trade secrets lose legal protection if reasonable security measures aren't maintained.

Exam Tips

PII = Personally Identifiable Information. PHI = Protected Health Information (HIPAA). PCI = Payment Card Industry data.
HIPAA applies to PHI (health + identifier). Medical records alone aren't PHI unless linked to a person.
Trade secrets require ACTIVE protection to maintain legal status. If you don't protect them, they're not legally trade secrets.
Human-readable data is vulnerable to shoulder surfing. Non-human readable (encrypted, binary) requires tools to view.
When multiple regulations apply, the strictest requirements govern.
PCI-DSS: CVV/CVC cannot be stored after transaction authorization—ever.

Memory Trick

Data Type Memory - "TRIP LF":

  • Trade secrets — Proprietary competitive advantage
  • Regulated data — PII, PHI, PCI (has legal requirements)
  • Intellectual property — Patents, copyrights, trademarks
  • Personal data — Individual identifying information
  • Legal information — Attorney-client, litigation
  • Financial data — Payment, banking, accounting

PII vs PHI: "PII = Person's Identity Information"; "PHI = Personal Health Information"

PHI is PII + health data (needs BOTH)

Regulated Data Triggers: "If it identifies a Person, Patient, or Payment, it's Protected"
- PII = Person
- PHI = Patient
- PCI = Payment

Trade Secret Rule: "If you don't protect it, you can't claim it"
No security = No legal trade secret status

Human vs Non-Human Readable: "If you can read it with your eyes, so can the spy"
Human-readable = higher shoulder surfing risk

Test Your Knowledge

Q1. A hospital stores patient diagnoses linked to patient names and dates of birth. What type of data is this?

Q2. A company's proprietary manufacturing process is accidentally posted on a public website. What happens to its trade secret status?

Q3. Which data type can NEVER be stored after a payment transaction is authorized?
