Difference between revisions of "WOT Wiki:Personally Identifiable Information (PII)"
Bob Zenith (talk | contribs) m |
Line 6: | Line 6: | ||
* Name, such as full name, maiden name, mother’s maiden name, or alias | * Name, such as full name, maiden name, mother’s maiden name, or alias | ||
− | * Personal identification number, such as your Social Security Number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, and financial account or credit card number. | + | * Personal identification number (PIN), such as your Social Security Number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, and financial account or credit card number. |
* Address information, such as street address or email address. | * Address information, such as street address or email address. | ||
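Review bot: the "(PIN)" added on the + line of this hunk is a misnomer that conflates an identifier with an authenticator: a PIN is a secret code a person enters to prove who they are, whereas the SSN, passport, driver's licence, taxpayer and patient numbers listed are identifiers, and the − line (which matches the NIST SP 800-122 wording this list cites as its source) carries no abbreviation. Suggest keeping "* Personal identification number, such as ..." as it was, or choosing an abbreviation other than "PIN" if one is wanted.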
Line 44: | Line 44: | ||
sources: | sources: | ||
− | * Wikipedia [ | + | * Wikipedia [https://secure.wikimedia.org/wikipedia/en/wiki/Personal_Information_Protection_and_Electronic_Documents_Act article] |
* [http://laws.justice.gc.ca/en/P-8.6/ Personal Information Protection and Electronic Documents Act (2000, c. 5)] | * [http://laws.justice.gc.ca/en/P-8.6/ Personal Information Protection and Electronic Documents Act (2000, c. 5)] | ||
* [http://laws.justice.gc.ca/eng/P-21/index.html Privacy Act (R.S., 1985, c. P-21)] | * [http://laws.justice.gc.ca/eng/P-21/index.html Privacy Act (R.S., 1985, c. P-21)] | ||
Line 53: | Line 53: | ||
''officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data'' | ''officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data'' | ||
− | The '''Data Protection Directive''' is a European Union directive which regulates the processing of personal data within the [ | + | The '''Data Protection Directive''' is a European Union directive which regulates the processing of personal data within the [https://secure.wikimedia.org/wikipedia/en/wiki/European_Union European Union]. |
− | source: [ | + | source: [https://secure.wikimedia.org/wikipedia/en/wiki/Data_Protection_Directive Wikipedia entry] |
===European Commission: Justice and Home affairs=== | ===European Commission: Justice and Home affairs=== | ||
Line 87: | Line 87: | ||
[http://www.statutelaw.gov.uk/content.aspx?activeTextDocId=3190610 Data Protection Act 1998 (c. 29)] <br /> | [http://www.statutelaw.gov.uk/content.aspx?activeTextDocId=3190610 Data Protection Act 1998 (c. 29)] <br /> | ||
− | [ | + | [https://secure.wikimedia.org/wikipedia/en/wiki/Data_Protection_Act_1998 Wikipedia article] |
<blockquote>The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves.</blockquote> | <blockquote>The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves.</blockquote> | ||
Revision as of 20:23, 22 July 2010
The protection of PII is important to maintain public trust and confidence in an organization, to protect the reputation of an organization, and to protect against legal liability for an organization. Organizations have always considered trust, confidence, and reputation as motivating factors in protecting PII. Recently, organizations have become more concerned about the risk of legal liability due to the enactment of many US federal, state, and international privacy laws.
Contents
- 1 Examples of PII Data
- 2 Australian Data Protection Act
- 3 Canadian Personal Information Protection and Electronic Documents Act
- 4 European Union Data Protection Directive
- 5 Hungary Data Protection Bill
- 6 Federative Republic of Brazil
- 7 India Privacy Laws
- 8 UK Data Protection Act 1998
- 9 United States Privacy Laws
Examples of PII Data
The following list contains examples of information that may be considered PII.
- Name, such as full name, maiden name, mother’s maiden name, or alias
- Personal identification number (PIN), such as your Social Security Number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, and financial account or credit card number.
- Address information, such as street address or email address.
- Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people.
- Telephone numbers, including mobile, business, and personal numbers.
- Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other biometric image or template data (e.g., retina scans, voice signature, facial geometry).
- Information identifying personally owned property, such as vehicle registration or identification number, and title numbers and related information.
- Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, or employment, medical, education, or financial information).
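The identifier classes in the list above are exactly the tokens a log-scrubbing or data-classification step has to recognise before records leave a controlled system. The following Python is an added example, not part of this wiki page and not from NIST SP 800-122: it redacts e-mail addresses, IPv4 and MAC addresses, US-format SSNs and phone numbers, and payment card numbers (confirmed with the Luhn checksum so that other long digit runs are left alone) from a handful of constructed log lines. The regular expressions, the `<kind-redacted>` marker format, the function names and the sample lines are all assumptions for illustration; a production scrubber would need locale-specific patterns and a review of its false positives and misses.

```python
import re

# Added example (not from the wiki page or NIST SP 800-122): regex-based PII
# redaction for log lines. Pattern order matters: structured tokens that could
# overlap (MAC, IPv4, SSN) are consumed before the looser card and phone shapes.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "mac": re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    # US SSN shape with structurally invalid area/group/serial values excluded.
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 13-19 digits, optionally separated by spaces or dashes; confirmed by Luhn below.
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    # North American phone shapes such as (555) 123-4567 or 555-123-4567.
    "phone": re.compile(
        r"(?<!\d)(?:\+1[ -]?)?(?:\(\d{3}\)|\d{3})[ -]?\d{3}-\d{4}(?!\d)"
    ),
}


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters out plain digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_line(line):
    """Return (redacted line, {kind: count}) for one log line."""
    counts = {}

    def replacer(kind):
        def sub(m):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", m.group(0))):
                return m.group(0)  # digit run that is not a card number: keep it
            counts[kind] = counts.get(kind, 0) + 1
            return "<%s-redacted>" % kind
        return sub

    for kind, pattern in PATTERNS.items():
        line = pattern.sub(replacer(kind), line)
    return line, counts


def redact_log(lines):
    """Redact a list of lines; returns (redacted lines, aggregate counts)."""
    out, totals = [], {}
    for line in lines:
        clean, counts = redact_line(line)
        out.append(clean)
        for kind, n in counts.items():
            totals[kind] = totals.get(kind, 0) + n
    return out, totals


# Constructed sample log lines (documentation address ranges; no real PII).
SAMPLE_LOG = [
    "2010-07-22T20:23:11Z login ok user=alice@example.com src=203.0.113.42",
    "2010-07-22T20:24:05Z dhcp lease 192.0.2.17 mac=00:1A:2B:3C:4D:5E",
    "2010-07-22T20:25:40Z support ticket: customer SSN 123-45-6789 phone (555) 123-4567",
    "2010-07-22T20:26:02Z payment card=4111 1111 1111 1111 ref=4111 1111 1111 1112",
]

if __name__ == "__main__":
    cleaned, totals = redact_log(SAMPLE_LOG)
    for line in cleaned:
        print(line)
    print(totals)
```

On the sample, the last line keeps `ref=4111 1111 1111 1112` because that digit run fails the Luhn check, which is the point of validating rather than masking every long number: over-redaction destroys the order references and timestamps an investigator needs, while under-redaction leaks the identifiers in the list above. The counts returned per kind give a cheap metric for how much PII a log source emits, which is useful when deciding which feeds may be retained or forwarded.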
Source: NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII): Recommendations of the National Institute of Standards and Technology. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930, April 2010.
Australian Data Protection Act
Privacy International
The Australian Senate on 6 December 2000 approved the Privacy Amendment (Private Sector) Bill, which extends privacy protections to the private sector. The bill was strongly criticized by privacy advocates and the opposition political party as being far too weak; privacy expert Roger Clarke described it as "the world's worst privacy legislation." The European Commission has also expressed concern that the law would not be adequate for transborder data flows.
Advisory Report on the Privacy Amendment (Private Sector) Bill 2000
Also reference: Electronic Frontiers Australia Inc.
Canadian Personal Information Protection and Electronic Documents Act
Individual rights
- know why an organization collects, uses or discloses their personal information;
- more
Organizations requirements
- obtain consent when they collect, use or disclose their personal information;
- more
sources:
- Wikipedia article
- Personal Information Protection and Electronic Documents Act (2000, c. 5)
- Privacy Act (R.S., 1985, c. P-21)
European Union Data Protection Directive
officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
The Data Protection Directive is a European Union directive which regulates the processing of personal data within the European Union.
source: Wikipedia entry
European Commission: Justice and Home affairs
Hungary Data Protection Bill
- Hungarian Parliamentary Commissioner for Data Protection and Freedom of Information
- privacyinternational.org
Federative Republic of Brazil
Article 5 of the 1988 Constitution of Brazil provides that "the privacy, private life, honor and image of persons are inviolable, and the right to compensation for property or moral damages resulting from their violation is ensured."
Reference:
- privacyinternational.org
India Privacy Laws
No specific legislation pertaining to data protection and privacy has been enacted in India. The Indian government is currently considering the idea of enacting a detailed law on data protection under the initiative of the Ministry of Communication and Information Technology.
References:
UK Data Protection Act 1998
Data Protection Act 1998 (c. 29)
Wikipedia article
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring UK law into line with the European Directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves.
United States Privacy Laws
The United States does not regard online privacy protection very highly, with very few laws enacted to protect the rights of online users. However, the Supreme Court of the United States has protected a user's right to privacy in a few instances, most notably in the case of Griswold v. Connecticut. The case dealt with a Connecticut law outlawing the use of contraceptives. The law was found to be unconstitutional (by a 7-2 vote) because it violated a right to "marital privacy". Although not directly related to online users' privacy, this landmark case did show that the Constitution is considered to protect people's privacy, setting a legal precedent for future cases and legislation.
California's Online Privacy Protection Act
According to California's Online Privacy Protection Act (OPPA), any online business that "collects personally identifiable information through the Internet about individual consumers residing in California" must post a Privacy Policy on its website. A website that fails to add a Privacy Policy within 30 days of being notified to do so is in violation of this Act. Source: California Law Code
see also: Privacy Policy