Personal Data
What is personal data?
Personal data (or personally identifiable information (PII)) is information that relates to an identified or identifiable individual. If different pieces of information collected together can lead to someone being directly or indirectly identifiable, then this also constitutes personal data.
Personal data can include the following:
- Name
- Gender/sexual orientation
- Address
- Telephone number
- Date of birth
- Email address
- IP address and geolocation data
- Internet browsing history/cookie identifiers
- ID number/passport/driver’s license/social security number
- Racial background
- Credit or debit card number, bank account details
- Employee records
- Photos/video footage, as collected by CCTV
- Biometric data such as fingerprints, iris scans
- Health data/records and genetic data
- Information on a person’s religious or philosophical beliefs
If it is possible to identify an individual directly from the information you are processing, even by making inferences between different data sources, then that information may be personal data.
Personal data subdivides into two groups:
- Sensitive data – private data that if revealed could cause harm to an individual
- Non-sensitive data – data that is personal, but is freely available through multiple sources (such as public records, phone books, corporate directories and websites)
Both of these types of data must be protected and handled securely and in line with regulations and best practice.
Why is personal data important?
Use of personal data delivers benefits both to the individual involved and to organizations. For example, it can be used to deliver a personalized service to a consumer, such as targeting specific groups with particular products or offers.
However, it can be used to target people more insidiously, such as through adverts on social media based on posts individuals have viewed/liked or even profiling and discriminating against specific groups (such as charging different groups higher prices). Many digital companies (such as free social media networks) have built their business models on collecting personal data from consumers, and selling this information to advertisers who use it to target consumers with their products and services.
In the worst-case scenario, if personal data is stolen or leaked to hackers or criminals, it can lead to identity theft, bank fraud, the threat of personal harm and other serious offenses. It is therefore vital to ensure that any personal data a company collects is protected and kept secure, especially if it is sensitive personal data.
What regulations affect personal data?
Driven by concerns about privacy and misuse of personal data, governments around the globe have implemented regulations around the collection, usage and protection of personal data. These seek to provide consumers with more control over their personal data and how it is used by third parties.
Current regulations include:
- The European Union’s General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA)
- The US federal Health Insurance Portability and Accountability Act (HIPAA)
Often, these regulations are backed by significant penalties for non-compliance. For example, under GDPR, organizations can be fined 4% of annual global revenue or €20 million for significant breaches.
The overall trend is for greater regulation around personal data, as more countries and states implement legislation that is predominantly based on the principles within the GDPR and CCPA.
How should organizations protect personal data?
Failing to protect personal data has serious consequences for organizations, including:
- Legal action and fines under legislation such as GDPR and CCPA, as well as potential class-action lawsuits
- Reputational damage, impacting customer loyalty, revenues and share price
Companies therefore need to protect personal data through:
- Strong security and encryption to prevent hackers gaining access to personal data
- Effective, documented data governance policies that specify who has access to particular data at a dataset and granular level, where it is stored and how it is transported
- Constant monitoring and logging to provide a record of who has accessed specific data/datasets
- The use of techniques such as anonymization and pseudonymization to avoid the possibility that data can be used to accidentally identify individuals
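As an added illustration of the pseudonymization item above (example code written for this page, not taken from any product or regulation), the sketch below replaces direct identifiers with keyed HMAC-SHA-256 tokens and coarsens IP address and date of birth so that the remaining fields are harder to combine into an identity. The key, field names and sample record are assumptions constructed for the example; HMAC is one common pseudonymization method among several.

```python
import hashlib
import hmac
import ipaddress

# Constructed key for the example; in practice it is held in a secrets
# manager, stored apart from the pseudonymized dataset.
PSEUDONYM_KEY = b"example-key-not-for-production"
DIRECT_IDENTIFIERS = ("name", "email", "telephone")  # assumed field names

def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed, deterministic token: the same input and key give the same token,
    so records stay joinable, but it cannot be recomputed without the key."""
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]

def generalize_ip(ip: str) -> str:
    """Coarsen an IP address to its network (/24 for IPv4, /48 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def protect_record(record: dict) -> dict:
    """Return a copy with direct identifiers tokenized and
    quasi-identifiers (IP address, date of birth) coarsened."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if out.get(field):
            out[field] = pseudonymize(out[field])
    if out.get("ip_address"):
        out["ip_address"] = generalize_ip(out["ip_address"])
    if out.get("date_of_birth"):  # ISO date string: keep the year only
        out["date_of_birth"] = out["date_of_birth"][:4]
    return out

# Constructed sample record using fields from the list of personal data above.
SAMPLE = {
    "name": "Alex Example",
    "email": "Alex.Example@example.com",
    "telephone": "+1-555-0100",
    "ip_address": "203.0.113.57",
    "date_of_birth": "1990-04-17",
    "plan": "premium",
}

if __name__ == "__main__":
    print(protect_record(SAMPLE))
```

Anyone holding the key can regenerate the tokens and re-link records, so the key needs the same access controls and logging as the original data.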