What is Personal Data?
From a legal standpoint, many key jurisdictions define Personal Data as any information that can be used on its own or in combination with other information to identify, contact, or locate an individual. Data that can be used on its own to identify or locate an individual includes information such as a person’s full name, credit card number, social security number, or driver’s license number. Data that can be used in combination with other information to identify or locate an individual is not as obvious. For example, a person’s gender, location at a given date and time, IP address, alma mater, favorite sports team or ethnicity may all qualify as Personal Data. Used in isolation, this type of data cannot identify a person, but when taken in combination with other information, the data may be sufficient to identify an individual.
- The type of Personal Data a company collects upon registration or at other points during a user’s use of a website or app (e.g., name, email address)
- How a company uses that Personal Data(e.g., to target ads to the user, fulfill user requests, provide support)
- To which third parties companies may disclose such data (e.g., hosting service providers, third-party marketers)
[i]A few examples of the various data privacy and protection laws and regulations that may apply to a business:
HIPPA (Health Insurance Portability and Accountability Act): Imposes strict privacy requirements regarding a patient’s medically related information within the United States.
COPPA (Children’s Online Privacy Protection Rule): The FTC imposed requirements on website or online services operators regarding the collection of data from children under 13 years old within the United States.
California Online Privacy Laws: California has enacted 14 individual laws relating to online privacy in addition to the federal regulations. See https://oag.ca.gov/privacy/privacy-laws
EU Data Protection Directive: the European Union views the protection of personal data as a fundamental human right and has enacted strict data privacy laws as a result. Websites and apps with users in the EU must take note of EU specific data protection regulations.