Talk:Personal data

Combination
Added information pointing out that a piece of information by itself is rarely PII. It is the combination of pieces of information that results in a unique identification. I also wanted to reinforce the point that the reason this issue is addressed in law is that this information once collected can be used to cause harm to a person financially, socially, legally, or otherwise. Not endorsed by or on behalf of my employer. JLA 199.79.222.119 (talk) 19:09, 1 July 2009 (UTC)

Equivalence
After reading the first three references, I propose to edit the article to replace the phrase "All are equivalent" with the phrase "All are not equivalent" and to point out differences in the definitions. The definition and examples of "personally identifiable information" (PII) in the OMB memo are quite explicit that a name by itself is PII, and a social security number by itself is PII. The OMB memo also takes the position that sometimes PII is "sensitive" and sometimes not. The EU definition defines a different term, "personal data", and gives it a much broader meaning: *any* information relating to an identifiable person. The California Senate Bill SB1386 defines yet another term, "personal information", and gives it a much narrower meaning: It is "personal information" only if it is the individual's first name or first initial and last name, and only if it is combined with one or more of the following: (1) social security number, (2) driver's license number or California ID card number, (3) account number, credit or debit card number, and any required information permitting access to an individual's financial account. It is not the case that the OMB, EU, and SB1386 definitions are equivalent. It is not factual to state that, under the OMB definition, "a name that lacks context cannot be said to be PII." Similarly, it is not factual to state that, under the OMB definition, a social security number that lacks context is not PII. On the other hand, the SB1386 definition (of the term "personal information") does make such exclusions. Jarplain (talk) 02:02, 9 August 2009 (UTC)


 * The narrow definition of "personal information" in SB1386 is a qualification specific to breach notification. California's Information Practices Act of 1977 (CA Civil Code 1798.3) gives a much broader definition of "personal information", i.e., "any information that is maintained by an agency that identifies or describes an individual, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history. It includes statements made by, or attributed to, the individual." I think it is important to include this broader definition of "personal information" to show that California privacy law is not only about SSNs, Driver's Licenses, etc. RipplesEcho (talk) 00:31, 7 September 2012 (UTC)

It occurs to me this page needs cross-references to articles that discuss "personal health information." For example, HIPAA, Personal Health Record, Electronic Medical Record, and so on. Think81 (talk) 18:51, 24 August 2009 (UTC)

87%
"It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code, and full date of birth"

This seems very implausible. I would be more convinced if the reference cited was not a broken link. 165.91.166.209 (talk) 16:17, 23 April 2010 (UTC)

It's a fairly common stat. But I agree, it needs a real reference. Egret (talk) 21:50, 29 June 2010 (UTC)

This quote is from a study by Dr. Latanya Sweeney of CMU (see http://privacy.cs.cmu.edu/people/sweeney/) and the document reference is "Uniqueness of Simple Demographics in the U.S. Population." (code LIDAP-WP4). The abstract link is broken but this research is cited by the EFF at https://www.eff.org/deeplinks/2009/09/what-information-personally-identifiable --S.Hamel (talk) 05:40, 29 March 2011 (UTC)

Proposed Bills
There's a section of Proposed Federal Bills that all point off to empty wiki pages.

 * Privacy Act of 2005
 * Information Protection and Security Act
 * Identity Theft Prevention Act of 2005
 * Online Privacy Protection Act of 2005
 * Consumer Privacy Protection Act of 2005
 * Anti-phishing Act of 2005
 * Social Security Number Protection Act of 2005
 * Wireless 411 Privacy Act

I don't believe any of these became law - and have no references. I believe we should probably remove. Egret (talk) 19:46, 27 July 2010 (UTC)
 * Brainmatch. When I saw this, I was wondering the same thing. I'll go right ahead if you want.
 * Admins: If you object, revert my edit. It's too late. 68.173.113.106 (talk) 23:39, 25 May 2012 (UTC)

Removed Dead link
Removed dead link to PDF in external links! — Preceding unsigned comment added by 86.46.197.183 (talk) 14:27, 13 June 2012 (UTC)

Fixed another dead link. There are still dead links in this article that need to be addressed (moreover, the archive site says it has no history for these links).

Origins of this term
Whoever came up with this term? (Its word structure doesn't make much sense: the literal meaning is information that can be identified as a person, while the actual meaning is information that suffices to identify a person.) Rp (talk) 12:21, 11 October 2012 (UTC)

Does "identity" = "PII" or not? If not, what?
I'm trying to find out what is the meaning of the word "identity" in the phrase "identity theft". What exactly is that thing which is being stolen when an "identity theft" crime occurs? Like "art theft" refers to a piece of art being stolen, and "auto theft" refers to an automobile being stolen. Or is "identity theft" a grammatical misnomer, that it doesn't refer to an "identity" being stolen, that there's no such thing as an "identity" to begin with (in this context), that no theft of anything is occurring? Does "identity theft" really mean nothing more than "impersonation"?

I did a Google search for "identity", found many classes of meaning, but no *noun* by itself that sounds like it would fit in that phrase. I found an entry for "identity theft", clicked on it, found the phrase "stealing someone's identity", which is grammatically what I'm asking about. But the link from the word "identity" doesn't link to a page defining that word, rather links to a page on Personally Identifiable Information (PII). On that page there's no mention as to whether the single word "identity" is a synonym for the phrase "Personally Identifiable Information" or not.

This PII page says "PII can also be exploited by criminals to stalk or steal the identity of a person", which makes it obvious that "PII" and "identity" are *not* the same thing, right?

Later the PII page says "The following data, often used for the express purpose of distinguishing individual identity, clearly class as PII under the definition used by the U.S. Office of Management and Budget", which again seems to imply that "PII" is not the same thing as "identity", right?

More confusion, in the table of kinds of PII, it lists "Digital identity". So what does that mean?? This is seriously begging the question, IMO.

More begging the question: "The following are less often used to distinguish individual identity, because they are traits shared by many people." What does "individual identity" mean??

Later "Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, ..." What exactly is this so-called "identity" that is being distinguished or traced??

Later "one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;" The essential word "identity" is muddied, not defined.

Later "A Social Security Number (SSN) without a name or some other associated identity or context information is not SB1386 "personal information", but it is PII." More begging the question what does the word "identity" mean in the first place.

Later "about an individual whose identity is apparent" Again, using the word without defining what it means. What exactly is this **thing** called an "identity" that is apparent??

Later "Just how much extra effort or difficulty would such a step need before we could clearly say that the identity could NOT be "reasonably ascertained" from it?" Again, begging the question what exactly is this thing called an "identity" which people are trying to ascertain??

Later "In forensics, the tracking down of the identity of a criminal, personally identifiable information is critical in zeroing in on the subject." Again, begging the question what exactly is the "identity" which the police are trying to "track down". Apparently it's somehow related to "zeroing in" on the person who committed the crime, but what exactly is this "identity" and what is its relation to the PII and what is its role in the process of "zeroing in"?

Later "In some professions, it is dangerous for a person's identity to become known," Again, what exactly is this thing which is dangerous to be known in this case?

Later "Similar identity protection concerns exist for witness protection programs," Again, what exactly is this thing that needs protection in such cases?

Now following the link to the page titled "Personal identity", it says "Personal identity is the unique numerical identity of persons through time. That is to say, the necessary and sufficient conditions under which a person at one time and a person at another time can be said to be the same person, persisting through time." But what does the phrase "numerical identity" mean? That phrase has a link to another WikiPedia page titled "Identity (philosophy)", which says "In philosophy, identity, from Latin: identitas ("sameness"), is the relation each thing bears just to itself." I don't see **any** way that somebody can steal the philosophical tautology that something is equal to itself??????

This all really needs to be fixed, either link the word "identity" to a different page that directly defines the word "identity", or on the PII page say somewhere that the word "identity" is a synonym for PII (which I rather doubt given the several passages I quoted that seem to say otherwise), or some other resolution to this question-begging that I can't even guess. WikiPedia is supposed to clarify questions like this, not play bait-and-switch and beg-the-question. 198.144.192.45 (talk) 03:00, 12 January 2013 (UTC) Twitter.Com/CalRobert (Robert Maas)

Personal safety
Hello ! I removed a sentence that looked very much like a personal reflexion. Also I added information about the safety issues related to Personal data, especially the known cases and issues related to the content of the category "NIST definition".

Conflating Personal info and Private info
There seems to be a gap or mis-structuring here ... If one looks for Private Information, it redirects here.

First, that seems to not differentiate "private information" from "personal information". Second, that seems explaining a particular term in US Federal law and NIST as if it were the entire domain worldwide. It does not convey this as a subset of Personal Information, or contrast to say Private Personal Information, and shows other nations larger topic Privacy Law as if that was the same topic and covered by PII -- when there are other (and better) articles specific to Privacy.

I'm thinking five steps of 'better' would be:
 * break the redirecting,
 * end para 1 with a line stating PII is subset of personal information and related to private information
 * at See Also add links to Privacy and Personal
 * at In Privacy law subsection add 'see main article' link to Privacy law
 * come back later with more

Anyone have problems with these ? Alternative link-making or good cite to suggest ? Markbassett (talk) 14:16, 3 April 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to one external link on Personally identifiable information. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20110629082449/http://www.dod.mil/pubs/foi/withhold.pdf to http://www.dod.mil/pubs/foi/withhold.pdf

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 07:19, 13 February 2016 (UTC)

I am writing an article on 'Proof of Identity', primarily focussed on systems for proving Identity, both physical and in cyberspace. Does this belong as a sub-section of this PII article, as a sub-section of a different article - maybe Identity document, or its own article? Pinkelk (talk) 19:56, 12 June 2016 (UTC)

Not using one's own handwriting
Typewriters are commonly used, though they can also be traced. A common method (at least in film fiction) is to cut and paste words and letters from newspapers and magazines. Should we add some examples? GeoffAvogadro (talk) 10:26, 2 November 2016 (UTC)

Examples List
A "vehicle registration plate number" is not PII. It is not "clearly classified as PII" by the cited NIST publication SP 800-122 (reference [13]), in the same way that full vehicle registration data or driver's license information is. Also, while a vehicle carrying a registration plate is usually registered to a single individual or entity (company, municipality), it does not uniquely identify a driver when multiple individuals may have access to the vehicle for that purpose. And finally, it fails the obviousness test -- most jurisdictions require that it is plainly displayed on the exterior of the vehicle. License plate information can be used to corroborate identity, but on its own does not convey any information about identity -- not even primary state of residence in the United States (because primary personal residence is not a requirement for registering a vehicle in a state).

This item should be removed from the list of PII in the article.

- Disagree: NIST SP 800-122 Section 2.2 lists "Information identifying personally owned property, such as vehicle registration number or title number and related information" as an example of information that may be considered PII. --Jimfenton (talk) 17:32, 13 May 2019 (UTC)

How does information identify someone and how can someone else dictate that some data is personal to someone else?
It would be interesting to know how information identifies someone. Given even a DNA test is only 99.9999% accurate that makes a huge number of people with the same DNA test result matching. How does information other than DNA identify someone other than a 'tag' or a 'label' that someone else has decided to use for you? Is there a way they can prove that that 'tag' or 'label' identifies 'you'? It is not like the 'physical you' is within a database with other unique information that identifies the 'physical you', so then... how is it possible to identify someone especially with 0% of mis-identification?

ZhuLien (talk) 6:38, 12 August 2020 (UTC) — Preceding unsigned comment added by 218.214.190.174 (talk)

"Private information" listed at Redirects for discussion
An editor has identified a potential problem with the redirect Private information and has thus listed it for discussion. This discussion will occur at Redirects for discussion/Log/2022 May 28 until a consensus is reached, and readers of this page are welcome to contribute to the discussion. -- Tamzin  [ cetacean needed ] (she/they) 02:57, 28 May 2022 (UTC)

"Private information" listed at Redirects for discussion
"Private information" listed at Redirects for discussion 102.213.69.183 (talk) 22:56, 29 November 2023 (UTC)


 * This discussion is at Redirects for discussion/Log/2022 May 28. Peaceray (talk) 23:56, 29 November 2023 (UTC)

Wiki Education assignment: Cybersecurity Policy
— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)