HOME

TheInfoList



OR:

Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely accepted in the
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territorie ...
, but the phrase it abbreviates has four common variants based on ''personal'' or ''personally'', and ''identifiable'' or ''identifying''. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. Under European and other data protection regimes, which centre primarily on the
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
(GDPR), the term "personal data" is significantly broader, and determines the scope of the regulatory regime.
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
Special Publication 800-122 defines personally identifiable information as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." For instance, a user's
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
is not classed as PII on its own, but is classified as a linked PII. Personal data is defined under the GDPR as "any information which srelated to an identified or identifiable natural person". The IP address of an Internet subscriber may be classes as personal data. The concept of PII has become prevalent as
information technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of data . and information. IT forms part of information and communications technology (ICT). An information technology system (I ...
and the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
have made it easier to collect PII leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts. As a response to these threats, many website privacy policies specifically address the gathering of PII, and lawmakers such as the
European Parliament The European Parliament (EP) is one of the legislative bodies of the European Union and one of its seven institutions. Together with the Council of the European Union (known as the Council and informally as the Council of Ministers), it adopts ...
have enacted a series of legislation such as the General Data Protection Regulation (GDPR) to limit the distribution and accessibility of PII. Important confusion arises around whether PII means information which is identifiable (that is, can be associated with a person) or identifying (that is, associated uniquely with a person, such that the PII ''identifies'' them). In prescriptive data privacy regimes such as HIPAA, PII items have been specifically defined. In broader data protection regimes such as the GDPR, personal data is defined in a non-prescriptive principles-based way. Information that might not count as PII under HIPAA can be personal data for the purposes of GDPR. For this reason, "PII" is typically deprecated internationally.


Definitions

The
U.S The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country Continental United States, primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., ...
. government used the term "personally identifiable" in 2007 in a memorandum from the Executive Office of the President, Office of Management and Budget (OMB),M-07-16 SUBJECT:Safeguarding Against and Responding to the Breach of Personally Identifiable Information
FROM: Clay Johnson III, Deputy Director for Management (2007/05/22)
and that usage now appears in US standards such as the
NIST The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
''Guide to Protecting the Confidentiality of Personally Identifiable Information'' (SP 800-122). The OMB memorandum defines PII as follows: A term similar to PII, "personal data" is defined in EU directive 95/46/EC, for the purposes of the directive: In the EU rules, there has been a more specific notion that the data subject can potentially be identified through additional processing of other attributes—quasi- or pseudo-identifiers. In the GDPR Personal Data is defined as: A simple example of this distinction: the color name "red" by itself is ''not'' personal data, but that same value stored as part of a person's record as their "favorite color" ''is'' personal data; it's the connection to the person that makes it personal data, not (as in PII) the value itself. Another term similar to PII, "personal information" is defined in a section of the California data breach notification law, SB1386: The concept of information combination given in the SB1386 definition is key to correctly distinguishing PII, as defined by OMB, from "personal information", as defined by SB1386. Information, such as a name, that lacks context cannot be said to be SB1386 "personal information", but it must be said to be PII as defined by OMB. For example, the name John Smith has no meaning in the current context and is therefore not SB1386 "personal information", but it is PII. A
Social Security Number In the United States, a Social Security number (SSN) is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents under section 205(c)(2) of the Social Security Act, codified as . The number is issued to ...
(SSN) without a name or some other associated identity or context information is not SB1386 "personal information", but it is PII. For example, the SSN 078-05-1120 by itself is PII, but it is not SB1386 "personal information". However the combination of a valid name with the correct SSN is SB1386 "personal information". The combination of a name with a context may also be considered PII; for example, if a person's name is on a list of patients for an HIV clinic. However, it is not necessary for the name to be combined with a context in order for it to be PII. The reason for this distinction is that bits of information such as names, although they may not be sufficient by themselves to make an identification, may later be combined with other information to identify persons and expose them to harm. According to the OMB, it is not always the case that PII is "sensitive", and context may be taken into account in deciding whether certain PII is or is not sensitive. When a person wishes to remain anonymous, descriptions of them will often employ several of the above, such as "a 34-year-old white male who works at Target". Note that information can still be ''private'', in the sense that a person may not wish for it to become publicly known, without being personally identifiable. Moreover, sometimes multiple pieces of information, none sufficient by itself to uniquely identify an individual, may uniquely identify a person when combined; this is one reason that multiple pieces of evidence are usually presented at criminal trials. It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code, and full date of birth. In
hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
and
Internet slang Internet slang (also called Internet shorthand, cyber-slang, netspeak, digispeak or chatspeak) is a non-standard or unofficial form of language used by people on the Internet to communicate to one another. An example of Internet slang is "LOL" m ...
, the practice of finding and releasing such information is called "
doxing Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the internet. Historically, the term has been used interchangeably to refer to both the aggregation of this i ...
". It is sometimes used to deter collaboration with law enforcement. On occasion, the doxing can trigger an arrest, particularly if law enforcement agencies suspect that the "doxed" individual may panic and disappear.


Laws and standards


Australia

In Australia, the Privacy Act 1988 deals with the protection of individual privacy, using the OECD Privacy Principles from the 1980s to set up a broad, principles-based regulatory model (unlike in the US, where coverage is generally not based on broad principles but on specific technologies, business practices or data items). Section 6 has the relevant definition. The critical detail is that the definition of 'personal information' also applies to where the individual can be indirectly identified: It appears that this definition is significantly broader than the Californian example given above, and thus that Australian privacy law may cover a broader category of data and information than in some US law. In particular, online
behavioral advertising Targeted advertising is a form of advertising, including online advertising, that is directed towards an audience with certain traits, based on the product or person the advertiser is promoting. These traits can either be demographic with a focus ...
businesses based in the US but surreptitiously collecting information from people in other countries in the form of cookies, bugs, trackers and the like may find that their preference to avoid the implications of wanting to build a
psychographic profile Psychographics is a qualitative methodology used to describe traits of humans on psychological attributes. Psychographics have been applied to the study of personality, values, opinions, attitudes, interests, and lifestyles. Two approaches to ...
of a particular person using the rubric of 'we don't collect personal information' may find that this does not make sense under a broader definition like that in the Australian Privacy Act. The term "PII" is not used in Australian privacy law.


Canada

* Privacy Act governs the Federal Government agencies * Ontario Freedom of Information and Protection of Privacy Act and similar Provincial legislation governs Provincial Government agencies *
Personal Information Protection and Electronic Documents Act The ''Personal Information Protection and Electronic Documents Act'' (PIPEDA; french: Loi sur la protection des renseignements personnels et les documents électroniques) is a Canadian law relating to data privacy. It governs how private sector ...
governs private corporations, unless there is equivalent Provincial legislation * Ontario Personal Health Information Protection Act and other similar Provincial legislation governs health information


European Union

European data protection law does not utilize the concept of personally identifiable information, and its scope is instead determined by non-synonymous, wider concept of "personal data". * Article 8 of the European Convention on Human Rights * The
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
adopted in April 2016. Effective 25 May 2018 ** supersedes the Data Protection Directive – 95/46/EC * Directive 2002/58/EC (the E-Privacy Directive) * Directive 2006/24/EC Article 5 (The Data Retention Directive) Further examples can be found on the EU privacy website.


United Kingdom

* The UK (Data Protection Act 2018) * The UK
Data Protection Act 1998 The Data Protection Act 1998 (DPA, c. 29) was an Act of Parliament of the United Kingdom designed to protect personal data stored on Computer, computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Da ...
– superseded by the UK Data Protection Act 2018 *
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
(Europe, 2016) * Article 8 of the
European Convention on Human Rights The European Convention on Human Rights (ECHR; formally the Convention for the Protection of Human Rights and Fundamental Freedoms) is an international convention to protect human rights and political freedoms in Europe. Drafted in 1950 by t ...
* The UK Regulation of Investigatory Powers Act 2000 * Employers' Data Protection Code of Practice * Model Contracts for Data Exports * The
Privacy and Electronic Communications (EC Directive) Regulations 2003 The Privacy and Electronic Communications (EC Directive) Regulations 2003 is a law in the United Kingdom which made it unlawful to, amongst other things, transmit an automated recorded message for direct marketing purposes via a telephone, without ...
* The UK Interception of Communications (Lawful Business Practice) Regulations 2000 * The UK Anti-Terrorism, Crime and Security Act 2001


New Zealand

The twelve Information Privacy Principles of the
Privacy Act 1993 Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
apply.


Switzerland

The Federal Act on Data Protection of 19 June 1992 (in force since 1993) has set up a protection of privacy by prohibiting virtually any processing of personal data which is not expressly authorized by the data subjects.Federal Act on Data Protection of 19 June 1992 (status as of 1 January 2014)
Federal Chancellery of Switzerland The Federal Chancellery of Switzerland is a department-level agency of the federal administration of Switzerland. It is the staff organisation of the federal government, the Federal Council. Since 2016, it has been headed by Federal Chancellor ...
(page visited on 18 September 2016).
The protection is subject to the authority of the
Federal Data Protection and Information Commissioner french: Préposé fédéral à la protection des données et à la transparence it, Incaricato federale della protezione dei dati e della trasparenza , logo = Logo der Schweizerischen Eidgenossenschaft.svg , logo_width = 300px , lo ...
. Additionally, any person may ask in writing a company (managing data files) the correction or deletion of any personal data. Cesla Amarelle, ''Droit suisse'', Éditions Loisirs et pédagogie, 2008. The company must respond within thirty days.


United States

The
Privacy Act of 1974 The Privacy Act of 1974 (, ), a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintaine ...
(Pub.L. 93–579, 88 Stat. 1896, enacted 31 December 1974, 5 U.S.C. § 552a), a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. One of the primary focuses of the
Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy– Kassebaum Act) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1 ...
(HIPAA), is to protect a patient's Protected Health Information (PHI), which is similar to PII. The U.S. Senate proposed the Privacy Act of 2005, which attempted to strictly limit the display, purchase, or sale of PII without the person's consent. Similarly, the (proposed) Anti-Phishing Act of 2005 attempted to prevent the acquiring of PII through
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
. U.S. lawmakers have paid special attention to the
social security number In the United States, a Social Security number (SSN) is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents under section 205(c)(2) of the Social Security Act, codified as . The number is issued to ...
because it can be easily used to commit
identity theft Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term ''identity theft'' was co ...
. The (proposed) Social Security Number Protection Act of 2005 and (proposed) Identity Theft Prevention Act of 2005 each sought to limit the distribution of an individual's social security number. Additional U.S. specific personally identifiable information includes, but is not limited to, I-94 Records, Medicaid ID Numbers, Internal Revenue Services (I.R.S.) documentation. Exclusivity of personally identifiable information affiliated with the U.S. highlights national data security concerns and the influence of personally identifiable information in U.S. federal data management systems.


State laws and significant court rulings

* California ** The California state constitution declares privacy an inalienable right in Article 1, Section 1. ** California Online Privacy Protection Act (OPPA) of 2003 ** SB 1386 requires organizations to notify individuals when PII (in combination with one or more additional, specific data elements) is known or believed to be acquired by an unauthorized person. ** In 2011, the California State Supreme Court ruled that a person's ZIP code is PII. * Nevada ** Nevada Revised Statutes 603A-Security of Personal Information * Massachusetts ** 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth ** In 2013, the Massachusetts Supreme Court ruled that ZIP codes are PII.


Federal law


Title 18 of the United States Code, section 1028d(7)
* The Privacy Act of 1974, codified a
5 U.S.C. § 552a et seq.

US "Privacy Shield" Rules
(EU Harmonisation)


NIST definition

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. The following data, often used for the express purpose of distinguishing individual identity, clearly classify as personally identifiable information under the definition used by the NIST (described in detail below): *
National identification number A national identification number, national identity number, or national insurance number or JMBG/EMBG is used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purp ...
(e.g.,
Social Security number In the United States, a Social Security number (SSN) is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents under section 205(c)(2) of the Social Security Act, codified as . The number is issued to ...
in the U.S.) *
Bank account A bank account is a financial account maintained by a bank or other financial institution in which the financial transactions between the bank and a customer are recorded. Each financial institution sets the terms and conditions for each type o ...
numbers *
Passport A passport is an official travel document issued by a government that contains a person's identity. A person with a passport can travel to and from foreign countries more easily and access consular assistance. A passport certifies the personal ...
number *
Driver's license A driver's license is a legal authorization, or the official document confirming such an authorization, for a specific individual to operate one or more types of motorized vehicles—such as motorcycles, cars, trucks, or buses—on a public ...
number * Debit/Credit card numbers The following are less often used to distinguish individual identity, because they are traits shared by many people. However, they are potentially PII, because they may be combined with other personal information to identify an individual. * Full Name * Home Address * City * State * Postcode * Country *
Telephone A telephone is a telecommunications device that permits two or more users to conduct a conversation when they are too far apart to be easily heard directly. A telephone converts sound, typically and most efficiently the human voice, into e ...
* Age, Date of Birth, especially if non-specific *
Gender Gender is the range of characteristics pertaining to femininity and masculinity and differentiating between them. Depending on the context, this may include sex-based social structures (i.e. gender roles) and gender identity. Most cultures u ...
or race *
Web cookie HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's we ...


Forensics

In
forensics Forensic science, also known as criminalistics, is the application of science to criminal and civil laws, mainly—on the criminal side—during criminal investigation, as governed by the legal standards of admissible evidence and crimina ...
, particularly the identification and prosecution of criminals, personally identifiable information is critical in establishing evidence in
criminal procedure Criminal procedure is the adjudication process of the criminal law. While criminal procedure differs dramatically by jurisdiction, the process generally begins with a formal criminal charge with the person on trial either being free on bail or ...
. Criminals may go to great trouble to avoid leaving any PII, such as by: * Wearing masks, sunglasses, or clothing to obscure or completely hide distinguishing features, such as eye, skin, and hair colour, facial features, and personal marks such as tattoos, birthmarks, moles and scars. * Wearing gloves to conceal
fingerprint A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfac ...
s, which themselves are PII. However, gloves can also leave prints that are just as unique as human fingerprints. After collecting
glove prints Glove prints, also sometimes described as gloveprints or glove marks, are latent, fingerprint-like impressions that are transferred to a surface or object by an individual who is wearing gloves. Many criminals often wear gloves to avoid leaving f ...
, law enforcement can then match them to gloves that they have collected as evidence. In many
jurisdictions Jurisdiction (from Latin 'law' + 'declaration') is the legal term for the legal authority granted to a legal entity to enact justice. In federations like the United States, areas of jurisdiction apply to local, state, and federal levels. Jur ...
the act of wearing gloves itself while committing a crime can be prosecuted as an
inchoate offense An inchoate offense, preliminary crime, inchoate crime or incomplete crime is a crime of preparing for or seeking to commit another crime. The most common example of an inchoate offense is "attempt". "Inchoate offense" has been defined as the fol ...
.James W.H. McCord and Sandra L. McCord, ''Criminal Law and Procedure for the paralegal: a systems approach'', ''supra'', p. 127. * Avoiding writing anything in their own
handwriting Handwriting is the writing done with a writing instrument, such as a pen or pencil, in the hand. Handwriting includes both printing and cursive styles and is separate from formal calligraphy or typeface A typeface (or font family) is ...
. * Masking their internet presence with methods such as using a
proxy server In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. Instead of connecting directly to a server that can fulfill a request ...
to appear to be connecting from an
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
unassociated with oneself.


Personal safety

Personal data is a key component of
online identity Internet identity (IID), also online identity or internet persona, is a social identity that an Internet user establishes in online communities and websites. It may also be an actively constructed presentation of oneself. Although some people cho ...
and can be exploited by individuals. For instance, data can be altered and used to create fake documents, hijack mail boxes and phone calls or harass people, such as in the data breach from the
EE Limited EE is a British national mobile network operator and internet service provider, which is a brand within the BT Group. EE is the second-largest mobile network operator in the United Kingdom, with 26.1 million subscribers as of September 2 ...
company. Another key case can be referred to as Financial Identity Theft, which usually entails bank account and credit card information being stolen, and then being used or sold. Personal data can also be used to create fake online identity, including fake accounts and profiles (that can be referred as Identity Cloning or
Identity Fraud Identity fraud is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person. Most identity fraud is committed in the context of financial ad ...
) for celebrities to gather data from other users more easily. Even individuals can be concerned, especially for personal purpose (this is more widely known as
sockpuppetry A sock puppet is defined as a person whose actions are controlled by another. It is a reference to the manipulation of a simple hand puppet made from a sock, and is often used to refer to alternative online identities or user accounts used fo ...
). The most critical information, such as one's password, date of birth, ID documents or Social Insurance Number, can be used to log in to different websites (See
Password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
reuse and
Account verification Account verification is the process of verifying that a new or existing account is owned and operated by a specified real individual or organization. A number of websites, for example social media websites, offer account verification services. V ...
) to gather more information and access more content. Also, several agencies ask for discretion on subject related to their work, for the safety of their employees. For this reason, the
United States Department of Defense The United States Department of Defense (DoD, USDOD or DOD) is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national secu ...
(DoD) has strict policies controlling release of personally identifiable information of DoD personnel. Many
intelligence agencies An intelligence agency is a government agency responsible for the collection, analysis, and exploitation of information in support of law enforcement, national security, military, public safety, and foreign policy objectives. Means of informatio ...
have similar policies, sometimes to the point where employees do not disclose to their friends that they work for the agency. Similar identity protection concerns exist for
witness protection Witness protection is security provided to a threatened person providing testimonial evidence to the justice system, including defendants and other clients, before, during, and after a trial, usually by police. While a witness may only require p ...
programs,
women's shelter A women's shelter, also known as a women's refuge and battered women's shelter, is a place of temporary protection and support for women escaping domestic violence and intimate partner violence of all forms. The term is also frequently used to ...
s, and victims of domestic violence and other threats.


Trade of personal data

During the second half of the 20th century, the digital revolution introduced "privacy economics", or the trade of personal data. The value of data can change over time and over different contexts. Disclosing data can reverse
information asymmetry In contract theory and economics, information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. Information asymmetry creates an imbalance of power in transactions, which ca ...
, though the costs of doing so can be unclear. In relation to companies, consumers often have "imperfect information regarding when their data is collected, with what purposes, and with what consequences." Writing in 2015, Alessandro Acquisti, Curtis Taylor and Liad Wagman identified three "waves" in the trade of personal data: #In the 1970s, the Chicago Boys school claimed that protection of privacy could have a negative impact on the market because it could lead to incorrect and non-optimal decisions. Other researchers like Andrew F. Daughety and Jennifer F. Reinganum suggested that the opposite was true, and that absence of privacy would also lead to this. #In the mid 1990s, Varian retook the Chicago Boys approach and added a new externality, stating that the consumer would not always have perfect information on how their own data would be used.
Kenneth C. Laudon Kenneth C. Laudon was a professor of Information Systems at the Stern School of Business at New York University. Life and work Kenneth Laudon graduated from Stanford University and has a Ph.D from Columbia University. Laudon's first book, ''Comp ...
developed a model in which individuals own their data and have the ability to sell it as a product. He believed that such a system should not be regulated, to create a free market. #In the 2000s, researchers worked on
price discrimination Price discrimination is a microeconomic pricing strategy where identical or largely similar goods or services are sold at different prices by the same provider in different markets. Price discrimination is distinguished from product different ...
(Taylor, 2004), two-sided markets (Cornière, 2011) and marketing strategies (Anderson and de Palma, 2012). The theories became complex, and showed that the impact of privacy on the economy highly depended on the context.


See also

*
Anonymity Anonymity describes situations where the acting person's identity is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea he ...
* '' Bundesdatenschutzgesetz'' *
De-identification De-identification is the process used to prevent someone's personal identity from being revealed. For example, data produced during human subject research might be de-identified to preserve the privacy of research participants. Biological data ...
*
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in partic ...
* Non-personal Data *
Personal identifier Personal Identifiers (PID) are a subset of personally identifiable information (PII) data elements, which identify an individual and can permit another person to “assume” that individual's identity without their knowledge or consent. Identi ...
*
Personal identity Personal identity is the unique numerical identity of a person over time. Discussions regarding personal identity typically aim to determine the necessary and sufficient conditions under which a person at one time and a person at another time can ...
* Personal Information Agent * Protected health information *
Privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
*
Privacy law Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be Personally identifiable information ...
*
Privacy laws of the United States Privacy laws of the United States deal with several different legal concepts. One is the ''invasion of privacy'', a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into thei ...
*
Pseudonymity A pseudonym (; ) or alias () is a fictitious name that a person or group assumes for a particular purpose, which differs from their original or true name ( orthonym). This also differs from a new name that entirely or legally replaces an individu ...
*
Obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent u ...
*
Self-sovereign identity Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. Without SSI, individuals with persistent ...
*
Surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...


Notes


References


External links


Six things you need to know about the new EU privacy framework
A legal analysis of the new European regulatory framework about data privacy
''Personal and professional information management''

Power to the People! Giving Citizens their Personal Data Rights Back
– J Cromack
Rethinking Personal Data New Lens Report – World Economic Forum

Why Consent is Different to Marketing Preferences – K Dewar
{{Authority control Identity documents Privacy Personal life Data security Data laws Anonymity