26. . The Data Owner shall identify the level of protection required for a particular system commensurate with the need for confidentiality, integrity, availability, and accountability of the data processed by the system.
Sensitivity Levels. Sensitive data is data that is protected from unauthorized disclosure (confidentiality) or modification (integrity) because of the damage that could result to the Government or individuals as a result of such disclosure or modification. The sensitivity of the data input, stored, and processed by the system dictates the level of protection. Protection criteria for specific classifications of information are mandated by public laws. Penalties under section (g) of the Privacy Act for negligence of entrusted data could result in criminal liability for employees and cause significant embarrassment to GSA if information to be protected were compromised, corrupted, or unavailable.