What is Personally Identifiable Information?
A huge amount of data exists on the Internet, only a portion of which can actually be linked to a specific individual. To separate out information that is linked to a specific person from data in general, laws and privacy policies focus on Individually Identifiable Information or Personally Identifiable Information (often referred to as PII).
PII is one of the following – or other data in combination with one of the following:
- First and Last names
- Physical address (under COPPA it doesn’t have to be your home address)
- Email address
- Phone number
- Social security number
As the types of data that we can gather and store increase, it's been suggested that geo tags (information, often embedded in an image or video, that places the data in a particular geographic location), your voice, and your facial image also be considered part of PII. However, so far the data that is considered part of PII is traditional contact and tracing information.
Child Online Privacy Protection Act (COPPA)
COPPA, passed in 1998 and in effect since 2000, is aimed at protecting children and their privacy on the Internet. It defines “children” as those who are under 13. If a site
- asks for personal information from its users
- and is a site aimed at children or the site owner actually knows that children use the site
there must be a clear explanation of what information is being collected and what is being done with it. In order for any site to collect and share information about children it must gain parental consent.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a large health insurance law that covers any number of important things. One of those things is what health information companies can share with each other.
HIPAA includes a section on “Standards for Privacy of Individually Identifiable Health Information”:
“Individually identifiable health information” is information related to:
- The individual’s past, present or future physical or mental health or condition,
- The provision of health care to the individual, or
- The past, present or future payment for the provision of health care to the individual
and that identifies the individual or can be used to identify the individual. Individually identifiable health information includes many common identifiers (name, address, birthday, SSN).
Gramm-Leach-Bliley Act (GLBA)
The GLBA is an act that covers when and how financial services companies may share personal information.
GLBA requires that financial institutions tell customers what information the institutions want to share with third parties and give those customers the ability to opt out of having their information shared.
More terms to come…
In addition to federal privacy laws, there are also a host of state privacy laws and industry best practices that are widely adhered to. Keep an eye out for posts on those topics in the weeks to come.