Data that, if lost, misused, accessed without proper authorization, or mutilated, could adversely affect an organization’s interests, the conduct of its programs, or the privacy of its stakeholders. NIST originally defined “sensitive information” to refer to information that, if involved in an incident, could adversely affect the interest of the US or the conduct of its federal programs, or the privacy of federal employees.