Personal Data
Definition:
Defining personal data, as distinct from personal information, or personally-identifiable information. Personal data is defined in the GDPR. Article 4(1) states that personal data “means any information relating to an identified or identifiable natural person”. The CCPA uses the term personal information to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”. The term personally identifiable information (PII) was historically used, especially in the US, but is being superseded by the term personal information in newer laws and standards. The US National Institute for Standards and Technology (NIST) defines PII as “any information that can be used to distinguish or trace an individual‘s identity” and “any other information that is linked or linkable to an individual”. This definition gives PII a similar meaning to personal data and personal information. However historically the term PII had a more narrow meaning, relating to just certain types of data, and so its use can cause confusion. In this guide we will use the term personal data.
Commentary: