PrivacyOps Certification

Course content

Create Account

Log in / Create account to save progress and earn badges

PrivacyOps Certification
View course details →

Personal Data and Sensitive Personal Data

Mark Complete Enroll now to save progress and earn badges. Click to continue.

Personal data is any information relating to an identified or identifiable natural person (data subject). To determine whether a natural person is identifiable from a particular data set, one must consider all the means reasonably likely to be used either by the data controller or any other person to identify the said person. This analysis requires to take into consideration the following factors:

  • Objective factors such as the costs and amount of time required for the identification of the data subject.
  • Contextual elements that may vary case by case, such as population density, nature and volume of data, and
  • The use of available technology at the time of data processing.

If a data subject is likely to be identified using the above considerations, those datasets would be considered personal data. 

However, given the complexity of anonymized and aggregated datasets, an organization must ask the following questions while processing such datasets:

  • Singling out: Is it possible to single out a data subject?
  • Linkability: Is it possible to link records of a data subject? 
  • Inference: Can any information be inferred about a data subject?

If the answer to any of the above questions is positive, such datasets are considered personal data. 

Some common examples of personal data are:

  • Name
  • Identification number
  • Location data
  • Postal address
  • A unique personal identifier or an online identifier 
  • Internet protocol address
  • Email address
  • Account name
  • Social security number
  • Driver’s license number
  • Passport number

Sensitive personal data is a specific set of personal data that requires additional protection as compared to other types of personal data. It is because of the reason that the breach of sensitive personal data can have much more detrimental effects on data subjects. For example, if a patient loses his medical record in a data breach, it could have a serious effect on his medical treatment and ultimately on his life. Similarly, biometric data loss can have disastrous financial and reputational effects on criminals. Therefore, health data and biometric data must be protected separately from other types of personal data. Under most modern privacy laws, such sensitive and special categories of personal data require additional safeguards. 

In most jurisdictions, sensitive personal data commonly include:

  • Health data
  • Biometric data
  • Genetic data
  • Racial and ethnic origin
  • Political opinions or political organization membership
  • Religious or ideological convictions
  • Trade union membership
  • Sexual orientation or data concerning an individual’s sex life

XML Sitemap

Gartner Customers Choice Gartner Cool Vendor Award Forrester Badge IDC Worldwide Leader Gigaom Badge RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend IAPP Innovation award 2020