Privacy's Open Source Moment: Defining Industry-wide Personal Identifiable Information (PII)

I spoke to 100 privacy professionals, and a common issue I discovered is the inability to define an exhaustive list of Personal Identifiable Information (PII) in a unified manner across the industry. So when companies onboard vendors, despite those vendors' advanced technologies and years of research in this field, the vendors do not serve the company's needs holistically, because there is no exhaustive list of what needs to be detected. A common theme I have heard from privacy lawyers is that region-specific laws define personal data differently, so a single definition probably does not exist. However, I do believe privacy deserves an open source moment: a single definition for the Lego bricks of privacy. This is my attempt to start, by defining an exhaustive list of Personal Identifiable Information.

Definition of Personal Identifiable Information (PII):

Any information that directly or indirectly identifies the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person, including online identifiers such as a name, an identification number, an IP address or location data. Traits such as a person's job, hair colour or political opinions can also be classified as personal data.

Exhaustive List for Personal Data/PII:

  • Name
  • Email address
  • Phone number
  • Home address
  • Date and place of birth
  • Personal identification number
  • Race
  • Gender
  • Age
  • Sexual orientation
  • Religion
  • Political opinions
  • Credit card numbers
  • Data held by a hospital or doctor
  • Photograph in which an individual is identifiable
  • Identification card number
  • A cookie ID
  • Internet Protocol (IP) address
  • Location data (for example, the location data from a mobile phone)
  • The advertising identifier of your phone
  • Business telephone number
  • Education, medical, financial and employment information
  • Personal data revealing racial or ethnic origin, political opinions, or religious or philosophical beliefs
  • Trade-union membership
  • Genetic data, and biometric data processed solely to identify a human being
  • Health-related data
  • Data concerning a person's sex life, or other sensitive data
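Some entries in this list are structured tokens a detection pipeline can find mechanically; most are not. As an added example (not part of the original post and not any vendor's product), the Python scanner below finds the four machine-detectable items above that have a recognisable shape in free text: email addresses, IPv4 addresses, phone numbers and credit card numbers. Card candidates are validated with the Luhn checksum so that an arbitrary long number is not flagged, every hit is masked before it is logged, and each hit is mapped back to the list item it belongs to. The sample ticket text, the regular expressions, the category mapping and the function names are my own constructions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a support ticket that happens to contain
# four of the list items (email, phone, card number, IP address).
SAMPLE_TEXT = (
    "Ticket 4711: customer Jane Example <jane.example@example.com> "
    "called from +1 415 555 0142\n"
    "about order paid with card 4111 1111 1111 1111; session cookie "
    "id=abc123; client ip 203.0.113.42\n"
)

# Detector kind -> the item in the PII list it corresponds to (assumed mapping).
LIST_ITEM = {
    "email": "Email address",
    "ipv4": "Internet Protocol (IP) address",
    "credit_card_number": "Credit card numbers",
    "phone": "Phone number",
}

# Order matters: the more specific shapes claim their spans first so that
# the loose phone pattern cannot re-match an IP address or a card number.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    # 13-19 digits, optionally separated by spaces or hyphens.
    "card_candidate": re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"),
    # 10+ digits with common separators, optional leading '+'.
    "phone": re.compile(r"(?<!\d)\+?\d[\d ().-]{8,}\d(?!\d)"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: True if the check digit matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Redact all but the last four characters, the usual DLP logging style."""
    keep = 4
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def scan_pii(text: str) -> List[Dict[str, str]]:
    """Return every structured PII hit in `text`, each with its kind, list
    item, raw value and masked value. Spans claimed by an earlier detector are
    never re-reported by a later, looser one."""
    findings: List[Dict[str, str]] = []
    taken: List[Tuple[int, int]] = []

    def overlaps(s: int, e: int) -> bool:
        return any(s < te and e > ts for ts, te in taken)

    for kind in ("email", "ipv4", "card_candidate", "phone"):
        for m in PATTERNS[kind].finditer(text):
            s, e = m.span()
            if overlaps(s, e):
                continue
            value = m.group()
            if kind == "card_candidate":
                if not luhn_ok(re.sub(r"\D", "", value)):
                    # Fails the checksum: not a card, leave the span free
                    # so the phone detector may still consider it.
                    continue
                kind = "credit_card_number"
            taken.append((s, e))
            findings.append({
                "kind": kind,
                "list_item": LIST_ITEM[kind],
                "value": value,
                "masked": mask(value),
            })
            if kind == "credit_card_number":
                kind = "card_candidate"
    return findings


if __name__ == "__main__":
    for hit in scan_pii(SAMPLE_TEXT):
        print(f"{hit['list_item']:<32} {hit['masked']}")
```

Run as a script it prints one masked line per hit. The point to take from it is the boundary it draws: the structured items are the easy part of the list, while categories such as religion, political opinions or data held by a doctor live in free-text context that no regular expression recovers, which is why an agreed list has to be paired with detection rules per item before a vendor can claim coverage of it.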

Personal data under privacy laws does not cover:

  • Information about someone who is deceased.
  • Properly anonymized data.
  • Information about public authorities and companies.

Would love to hear from the community on what else should be part of the PII list.

Takahide Maruoka

Credly Top Legacy Badge Earner | ISO/IEC FDIS 42001 | ISO/IEC 27001:2022 | NVIDIA | Google | IBM | Cisco Systems | Generative AI

8 months

Thank you for the info.

Steve Hickman

Privacy by Design

9 months

The W3C has done some work in this area. See https://w3c.github.io/dpv/dpv/. It is incomplete and, IMHO, has some conceptual shortcomings. But it's not nothing. What is needed is not just a list but a full-fledged ontology. Having said that, Daniel Solove argues in Data Is What Data Does (https://scholarship.law.gwu.edu/faculty_publications/1671) that, because of the ability to infer so much from data, all data is essentially PII.
