Sensitive Data or Sensitive Information is a sub-set of personal information and is given a higher level of protection under Personal Information Protection Act(PIPA) Art.6(1). The definition of Sensitive Data(special categories of data) in the PIPA refers to information about an individual’s: medical treatment, genetic information, sexual life, health examination and criminal record. Any Information can be considered to be sensitive, depending on the nature. The better approach to define sensitive data is specifically enumerating special categories of sensitive data by Law. Almost all Sensitive data enumerated in current PIPA is about medical information and lacks medical record, therefore the list should be consolidated and amended. Fingerprint is biometric information which can be considered sensitive, but there is no legislation in other country, so it may not be added to the list temporarily. PIPA prohibits Government agency or Non-government agency from collecting, processing and using sensitive data unless at least one of the conditions(exemption) set out in Art.6(1) is fulfilled. However, the definition of the exemptions is vague and ambiguous. The types of the exemptions defined in PIPA are less than legislation in other country as well. Therefore this thesis suggests that PIPA should be amended and many other conditions, such as “data subject’s informed consent”, “for medical purposes” exemption, “for public interest” exemption and “in order to protect the vital interests of another person” exemption should be added. Although PIPA gives higher level of protection to sensitive data, it does not specifically state whether Government agency or Non-government agency should notice data subject before collecting sensitive data, or whether sensitive data can be used for secondary purpose. It should be amended immediately before the date for enforcement of the Act.