When the average person thinks about privacy, what comes to mind? And does that definition differ from how we talk privacy protection approaches in online and data privacy?
Historic Definition
The classical definition of privacy as defined in legal in legal documents from the 19th century is “the right to be left alone, or freedom from interference or intrusion.” Privacy as focused on the physical landscape.
However, like other information policy practices such as security, the definition of privacy has evolved with the digital age.
Personal Data
Data privacy is a little different. It expands the definition focus on the “use and governance of personal data.” Privacy in this case is defined by how personal data is collected, stored, and used.
But what “personal data” are we keeping private? What needs protected and governed? According to the General Data Protection Regulations in the EU, personal data is “any information which [is] related to an identified or identifiable natural person.”
GDPR’s definition of identifiable is especially broad as it can be any information indirect or directly linked. The EU’s approach is to “assume that the term “personal data” should be as broadly interpreted as possible.”
Other laws or governance policies narrow down that definition of what counts as personal data to what can be personally identifiable information (or PII).
Personally Identifiable Information (PII)
According to the International Association of Privacy Professionals (IAPP), PII is “any information about an individual, including any information that can be used to distinguish or trace an individual’s identity.”
PII is defined differently in different laws and policies, which include wider or narrower categories on what counts as “identifiable”. PII can be information that is identifiable on its own (such as a Social Security Number) or can be combined to be identifiable (such as name and date of birth).
IAPP gives more examples: “as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial, and employment information.”
Defining Privacy in a Digital Age
In the age of the internet and big data, being “left alone” is tricky. We give away information just by using apps for convenience, creating an ever growing distributed data set about ourselves.
In this landscape, privacy is the protection rights around information about yourself. Specifically, information that can be linked back to your identity (alone or combined). This can include how and when you disclose information, knowing what information about you is out there, how your data is used, or being able to change/edit/delete that data.
Online Portfolio of Sonia Reed 