Personal Data 101

So, we hear the news of another breach! Marriot has joined the list which includes Facebook, Google, Yahoo, stalwarts who have fallen into the breach well! But what is getting breached.

It is the personal data.

Question is how does one defines it?

Definition in GDPRDefinition in the Indian PDPB (Proposed)
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; “Personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, or any combination of such features, or any combination of such features with any other information;   “Data” means and includes a representation of information, facts, concepts, opinions, or instructions in a manner suitable for communication, interpretation, or processing by humans or by automated means;

“Hell, Srinjoy, what does the above mean!!”

Well simplistically, it is any data point which alone or in combination can triangulate and identify who you are!

While that means and refers to your name, phone number, email (both personal and official), address etc., it also means any other details such as Queen of England or CEO of Apple/Google.The above does not need any further definition – we all know who these are!

However, if you look at names such as a John/Jane Smith, this does not identify a defined person without there being some other element of Personal Data which further triangulates the particular individual e.g. Address or email or phone number.

“Why is that important?”

Our Personal data lies all over the internet on various portals and online or offline records.

How that is collected, stored and used therefore becomes relevant for us as individuals and for organizations that need to use this for providing its services.

As individuals, we need to protect our personal data and really look at the ways in which we share this across platforms. As corporations we need to understand what personal data is lying where and how it is being secured as a basic building block of a more detailed analysis.