Personally Identifiable Information
This non-exhaustive list shows examples of what may be considered personally identifiable information:
- Name: full names (first, middle, last name), maiden name, mother’s maiden name, alias
- Addresses: street address, email address
- Phone numbers: mobile, business, personal
- Asset information: internet protocol (IP), media access control (MAC)
- Personal identification number: social security number (SSN), passport number, driver’s license, state identification number, taxpayer identification number, patient identification number, financial account or credit/debit card
- Personal features: photographic images (that have distinguishing features e.g. show the face), x-rays, fingerprints, retina scan, voice signature
- Information identifying personally owned property: Vehicle Registration Number
Information can also be linked to identify an individual. This information that can be combined with others to form a person’s identity may also be regarded PII:
- Date of birth
- Place of birth
- Race
- Religion
- Weight
- Activities
- Geographical location
- Employment information
- Medical information
- Education information
- Financial information
- Family members
Additional information considered personal data under GDPR:
- Ecommerce order ID
- IP address
- Cookie ID
- Location data
- Data held by a doctor that could uniquely identify an individual
- Other “online identifiers” such as tools, applications, or devices (like their computer/smartphone)
- “Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.” – European Commission.
What’s non-PII
- Information that can’t be used to identify an individual
- Anonymised data
- A company registration number
Comentários
Postar um comentário