Random half-considered theory: the use within the information security field of the term “sensitive data” as a catch-all for anything worth protecting subtly guides us to be evasive, tentative, even secretive about the mere existence of such information and unwilling to discuss openly the risk management strategies appropriate to a given set of data because of the way we interpret, use and think of the word “sensitive” in other contexts. It’s too easy to make the leap from “sensitive data” to “sensitive people” and we are trained to tiptoe around sensitive people. If we switched to using the term “valuable data” we would more easily discuss it in a matter-of-fact manner.