What is Personally Identifiable Information?



What is Personal Data?

In the US, personal data is known as personally identifiable information (PII). Generally, it is defined as information that can be reasonably linked to an individual using persistent identifiers. Federal and state statutes (GLBA, HIPAA, Privacy Act, etc.) provide more specific definitions of PII.

For example, under HIPAA there are 18 points of personally identifiable information. The pieces of identifiable information are as follows: name, address, city, county, zip, precinct, DOB, admission date, discharge date, date of death, ages over 80, telephone/fax #, email address, SSN, medical record #, health plan #, account #, certificate/license #, vehicle (VIN, plate #), device ID and serial #, URL, biometric ID (fingerprint, voice print), full-face photographs, and any other unique identifiers.

In the EU (GDPR), personal data is defined as data related to an identifiable natural person, who can be identified (directly or indirectly) by reference to an identifier. Examples of personal data include: ID #, location data, and the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Under GDPR, personal data can further be classified as anonymous, pseudonymous and sensitive personal data. These classifications are crucial to determining the level of compliance required.
