Difference between revisions of "WOT Wiki:Personally Identifiable Information (PII)"
(→Source) |
|||
Line 21: | Line 21: | ||
− | ==Source== | + | ===Source=== |
NIST Special Publication 800-122 [http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf PDF] | NIST Special Publication 800-122 [http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf PDF] | ||
<blockquote>''Guide to Protecting the Confidentiality of Personally Identifiable Information (PII): <br />Recommendations of the National Institute of Standards and Technology <br />Computer Security Division <br />Information Technology Laboratory <br />National Institute of Standards and Technology <br />Gaithersburg, MD 20899-8930 <br />April 2010''</blockquote> | <blockquote>''Guide to Protecting the Confidentiality of Personally Identifiable Information (PII): <br />Recommendations of the National Institute of Standards and Technology <br />Computer Security Division <br />Information Technology Laboratory <br />National Institute of Standards and Technology <br />Gaithersburg, MD 20899-8930 <br />April 2010''</blockquote> | ||
+ | |||
+ | |||
+ | ==UK Data Protection Act 1998== | ||
+ | |||
+ | [http://www.statutelaw.gov.uk/content.aspx?activeTextDocId=3190610 Data Protection Act 1998 (c. 29)] <br /> | ||
+ | [http://en.wikipedia.org/wiki/Data_Protection_Act_1998 Wikipedia article] | ||
+ | <blockquote>The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves.</blockquote> | ||
see also: [[Privacy Policy|Privacy Policy]] | see also: [[Privacy Policy|Privacy Policy]] |
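Review bot: the blockquote added under ==UK Data Protection Act 1998== carries no attribution, so a reader cannot tell which of the two links above it (the statute text or the Wikipedia article) the passage is quoted from. Name the source next to the quote, and consider wrapping it in '' italics to match the NIST blockquote in the Source section. The unchanged "see also: [[Privacy Policy|Privacy Policy]]" line now follows the new blockquote directly, so it sits at the end of the UK section rather than reading as a page-level pointer; giving it its own heading would keep it distinct. The two empty added lines before the new heading can be reduced to one.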
Revision as of 04:59, 22 April 2010
The protection of PII is important to maintain public trust and confidence in an organization, to protect the reputation of an organization, and to protect against legal liability for an organization. Organizations have always considered trust, confidence, and reputation as motivating factors in protecting PII. Recently, organizations have become more concerned about the risk of legal liability due to the enactment of many US federal, state, and international privacy laws.
Examples of PII Data
The following list contains examples of information that may be considered PII.
- Name, such as full name, maiden name, mother’s maiden name, or alias.
- Personal identification number, such as your Social Security Number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, and financial account or credit card number.
- Address information, such as street address or email address.
- Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people.
- Telephone numbers, including mobile, business, and personal numbers.
- Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other biometric image or template data (e.g., retina scans, voice signature, facial geometry).
- Information identifying personally owned property, such as vehicle registration or identification number, and title numbers and related information.
- Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, or employment, medical, education, or financial information).
Source
NIST Special Publication 800-122 PDF
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII):
Recommendations of the National Institute of Standards and Technology
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
April 2010
UK Data Protection Act 1998
Data Protection Act 1998 (c. 29)
Wikipedia article
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves.
see also: Privacy Policy