Data privacy laws throughout the world are directed to protecting information that can be used to identify an individual. How this information is defined varies based on the jurisdiction and different laws but terms commonly used are:

  • Personally identifiable information (PII)
  • Sensitive personal information (SPI)
  • Sensitive information
  • Personal data
  • Sensitive personal data or personal information

The definition of these terms may be found in the legislation or regulations themselves, other legislation and regulations, national and local standards and case law.

Information that is or may be protected under data privacy laws either alone or in combination with other information include:

  • Full name
  • Birth date and birth place
  • Social security number or other state or national identification number
  • Home address
  • Email address(es)
  • Telephone number(s)
  • Passport number
  • Fingerprints & facial recognition
  • Retina and iris scans
  • Voice patterns, and other biometric information
  • Genetic and health information
  • Racial or ethnic origin
  • Religious & political beliefs
  • Sexual orientation
  • IP address
  • Driver’s license number
  • Login credentials and passwords
  • Financial information
  • Memberships
  • Criminal records
  • Economic status
  • Educational institutions attended

Safeguarding personal information that can be combined to identify an individual requires strategic planning. Certain information that is publicly available such as full name and address may be sufficient to identify an individual but this information although publicly available may still be protected under data privacy laws depending on what type of private company or organization has this information in its records.