Personal data is any information relating to an identified or identifiable natural person (data subject). To determine whether a natural person is identifiable from a particular data set, one must consider all the means reasonably likely to be used either by the data controller or any other person to identify the said person. This analysis requires to take into consideration the following factors:
If a data subject is likely to be identified using the above considerations, those datasets would be considered personal data.
However, given the complexity of anonymized and aggregated datasets, an organization must ask the following questions while processing such datasets:
If the answer to any of the above questions is positive, such datasets are considered personal data.
Some common examples of personal data are:
Sensitive personal data is a specific set of personal data that requires additional protection as compared to other types of personal data. It is because of the reason that the breach of sensitive personal data can have much more detrimental effects on data subjects. For example, if a patient loses his medical record in a data breach, it could have a serious effect on his medical treatment and ultimately on his life. Similarly, biometric data loss can have disastrous financial and reputational effects on criminals. Therefore, health data and biometric data must be protected separately from other types of personal data. Under most modern privacy laws, such sensitive and special categories of personal data require additional safeguards.
In most jurisdictions, sensitive personal data commonly include: