A multitude of different privacy laws place strict requirements on businesses to properly handle customer information. While many of these requirements are simple enough, the majority of them depend on correctly understanding the specialized terms used. This is where things get confusing. What’s the difference between personal information and personally identifiable information? Aren’t they both the same as account data? Why do most privacy laws have different requirements for each?
Understanding Privacy Laws
Most privacy laws focus on prioritizing the customer’s right to privacy over a company’s interest in sales. These laws primarily deal with how a company may or may not use someone’s confidential information, and even how much of it the company may collect. However, it’s not as simple as dividing customer info into categories like phone numbers or emails. Different types of private information enjoy different levels of protection, and unfortunately, these different types of information often have confusingly similar names. Let’s look at a few of the most common legal privacy terms your business leaders need to know.
Personal Information/Personal Data
The GDPR defines personal data as “any information relating to an identified or identifiable natural person”. An identifiable natural person is anyone who can be directly or indirectly identified by reference to information such as their location, name, ID number, etc. The amount of data that fits this definition is massive. Suffice it to say, the vast majority of customer data you collect falls under the GDPR’s legal definition of personal data. And since most other privacy laws agree with this definition, restrictions on using personal information tend to apply universally.
Personally Identifiable Information (PII)
Personally identifiable information, or PII, is defined as information that can be used to identify a particular person. This may sound similar to personal data, but there’s one key difference. Personal data can be anonymized or “pseudonymized” by replacing key portions of the data with placeholders, so that the remaining data cannot on its own be traced back to a particular person. PII, on the other hand, is precisely the information that can “de-anonymize” that data. Examples of PII include social security numbers, full names, bank account information, email addresses, etc. Since this information is far more unique to each individual, it’s easier to use PII to track down a particular person. PII thus deserves extra security.
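As an added illustration of the pseudonymization described above (example code written for this page, not from the original article or from 4Comply), the snippet below replaces the listed PII fields with keyed placeholder tokens and keeps the re-identification lookup apart from the data set. The field names, sample records and key are constructed for the example.

```python
import hmac
import hashlib

# Direct identifiers the text lists as PII (constructed field names for this example).
PII_FIELDS = ("full_name", "email", "ssn", "bank_account")


def token_for(value: str, key: bytes) -> str:
    """Keyed, deterministic placeholder for one PII value.

    HMAC rather than a plain hash: emails and SSNs are low-entropy, so an
    unkeyed SHA-256 could be reversed by hashing guesses. With the key held
    separately, the token alone does not identify anyone.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pseudo_" + digest[:24]


def pseudonymize(record: dict, key: bytes) -> tuple[dict, dict]:
    """Return (pseudonymized record, re-identification lookup).

    The lookup maps token -> original value. Whoever holds it (or the key)
    can de-anonymize the record, so it is PII in its own right and must be
    stored and access-controlled apart from the pseudonymized data.
    """
    pseudo = dict(record)
    lookup = {}
    for field in PII_FIELDS:
        if field in pseudo and pseudo[field] is not None:
            tok = token_for(str(pseudo[field]), key)
            lookup[tok] = pseudo[field]
            pseudo[field] = tok
    return pseudo, lookup


def reidentify(pseudo: dict, lookup: dict) -> dict:
    """Reverse pseudonymization using the separately held lookup."""
    return {k: (lookup.get(v, v) if k in PII_FIELDS else v) for k, v in pseudo.items()}


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-in-a-vault"  # constructed sample key
    orders = [  # constructed sample account data
        {"full_name": "Ada Example", "email": "ada@example.com", "country": "DE", "total": 42.0},
        {"full_name": "Ada Example", "email": "ada@example.com", "country": "DE", "total": 9.5},
    ]
    pseudo_orders, lookup = [], {}
    for rec in orders:
        p, m = pseudonymize(rec, key)
        pseudo_orders.append(p)
        lookup.update(m)
    # Same email -> same token, so per-customer analytics still work without the email itself.
    print(pseudo_orders[0]["email"] == pseudo_orders[1]["email"], reidentify(pseudo_orders[0], lookup) == orders[0])
```

Non-PII fields such as country and purchase totals are left untouched, which is why the pseudonymized set is still personal data under the GDPR definition above and still needs protection, only less than the lookup and key do.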
Account Data
Account data is any and all data a customer provides when creating an account with a company. Most account data falls under the PII umbrella, since customers provide such personal data as email addresses or even payment details to create an account. You should treat account data with the same attention and care you give to PII.
Sensitive Personal Data
Sensitive personal data includes data of a more intimate nature. This includes the customer’s ethnicity, political leaning, genetic data, healthcare information, religious beliefs, trade-union membership, and sexual preferences. Depending on the nature of your business, you may never deal with this information. But if you do, understand that sensitive personal data is intensely personal to the customer. Treat this information with the utmost care, and collect it only when strictly necessary.
Keeping Track of Your Privacy Responsibilities
The GDPR is far from the only law focused on customer privacy. Canada has its Anti-Spam Legislation (CASL), and several US states, most notably California with the CCPA, have adopted their own privacy laws in recent years. Most experts expect that the US will pass a federal privacy law in the near future. For business leaders, the takeaway is simple: they have an increasing number of intricately detailed privacy laws to follow as they use their customers’ data. Worse, even a minor violation could burden the company with significant fines.
Following updates to each law and ensuring ongoing compliance is enough work for a full-time job. Fortunately, there’s a better solution: 4Comply. This expertly designed framework keeps track of which customers have given consent for their data to be used, streamlines customer rights requests, and creates a meticulously detailed record for legal purposes. 4Comply is designed to help you stay compliant with current and future privacy laws. All the information you’ll need is at your fingertips!
Ready to up your privacy game? Contact us today to see how 4Comply can keep you on top of any privacy law.