Personal data facts for kids

Kids Encyclopedia Facts

Personal data is any information that can be linked to you, like your name, address, or even your favorite color if it's stored with your other details. It's also called personal information or personally identifiable information (often shortened to PII).

Think of it like clues that point to you. Some clues, like your full name or a special ID number, can identify you directly. Other clues, like your age or where you live, might not identify you alone, but if someone combines them with other information, they could figure out who you are.

Governments and organizations around the world have different rules about what counts as personal data and how it should be protected. For example, in the European Union and the United Kingdom, "personal data" is a very broad term that covers almost anything linked to a person. This is important because it decides how companies must handle your information.

As technology grows, it's become easier to collect and share personal data. This has created a market where companies collect and sometimes sell this information. But it also means criminals might try to use your data to pretend to be you (this is called identity theft) or to bother you. Because of these risks, many websites have privacy policies that explain how they handle your data. Laws like the General Data Protection Regulation (GDPR) in Europe also help protect your personal information.

What is Personal Data?
Protecting Your Personal Data
Laws and Standards for Data Protection
The Business of Personal Data
- Data Brokers
See also

What is Personal Data?

Different groups and laws define personal data in slightly different ways, but the main idea is always the same: it's information that can be linked to a person.

For example, the National Institute of Standards and Technology (NIST) in the United States says PII is "any information about an individual... that can be used to distinguish or trace an individual's identity." This includes things like your name, social security number, or even your IP address (which is like your computer's address on the internet).

The General Data Protection Regulation (GDPR) in the European Union defines personal data as "any information relating to an identified or identifiable natural person." This means if someone can figure out who you are, directly or indirectly, using that information, it's personal data.

Here's a simple way to think about it:

The word "red" by itself isn't personal data.
But if a company stores "red" as your "favorite color" in your profile, then it becomes personal data because it's linked to you.

Some information, like your name, might not be enough on its own to cause harm. But if it's combined with other details, it could be used to identify you and potentially put you at risk. For instance, knowing someone's gender, ZIP code, and full date of birth can uniquely identify a large number of people.

Protecting Your Personal Data

It's really important to protect your personal data, especially online. Criminals might try to find your information to cause problems. This is why you often hear about people trying to hide their identity when they do something wrong.

For example, they might:

Wear masks or special clothes to hide their face or unique features like tattoos.
Wear gloves to avoid leaving fingerprints.
Avoid writing things down in their own handwriting.
Use special tools to hide their internet address (IP address) so it's harder to trace them online.

Your personal data is a big part of your online identity. If it falls into the wrong hands, it can be used to create fake documents, take over your online accounts, or even harass you. This is why it's so important to use strong passwords and be careful about what information you share online.

Sometimes, criminals try to steal your bank account or credit card details. This is a type of identity theft focused on your money. They might also create fake online profiles using someone else's name, like a celebrity, to trick others into sharing their data.

It's also why many organizations, like the United States Department of Defense or intelligence agencies, have strict rules about sharing their employees' personal information. This helps keep their staff safe. Similarly, programs like witness protection or shelters for victims of violence also focus on keeping personal information private to ensure safety.

Laws and Standards for Data Protection

Many countries have laws to protect personal data. These laws help control how companies and governments collect, store, and use your information.

Australia

In Australia, the Privacy Act 1988 helps protect individual privacy. It says that "personal information" includes anything about an identified person, or someone who can be reasonably identified. This is a very broad definition.

Canada

Canada has several laws to protect personal information, depending on who is holding the data:

The Privacy Act covers federal government agencies.
Provincial laws, like the Ontario Freedom of Information and Protection of Privacy Act, cover provincial government agencies.
The Personal Information Protection and Electronic Documents Act (PIPEDA) covers private companies.
There are also specific laws for health information, like the Personal Health Information Protection Act in Ontario.

European Union

The European Union has strong data protection laws. They focus on "personal data," which is a very wide concept.

The General Data Protection Regulation (GDPR), which started in 2018, is a major law that protects personal data across the EU. It replaced older rules.
The Directive on Privacy and Electronic Communications (e-Privacy Directive) deals with privacy in electronic communications, like emails and cookies on websites.

United Kingdom

After leaving the EU, the UK has its own versions of these laws:

The Data Protection Act 2018 works with the UK's own version of the GDPR (called the UK GDPR) to protect personal data.

United States

The U.S. has several laws that protect personal information, often focusing on specific types of data or situations:

The Privacy Act of 1974 sets rules for how federal agencies handle personal information.
The Health Insurance Portability and Accountability Act (HIPAA) protects your Protected Health Information (PHI), which is similar to PII.
Lawmakers have paid special attention to the social security number because it can be easily used for identity theft.
Some states also have their own strong privacy laws. For example, California has laws like the Online Privacy Protection Act (OPPA) and SB 1386, which requires organizations to tell people if their personal information has been accessed without permission.

NIST Definition

The National Institute of Standards and Technology (NIST) is a U.S. agency that helps set standards. They define PII to include:

Direct identifiers:

* National identification number (like a Social Security number in the U.S.) * Bank account numbers * Passport number * Driver's license number * Debit/credit card numbers

Potential identifiers (can be combined with other info):

* Full name * Home address, city, state, Postcode, country * Telephone number * Age, date of birth * Gender or race * Web cookie (a small file websites put on your computer)

The Business of Personal Data

In recent years, with the rise of the internet, there's been a big increase in the "trade" of personal data. This is sometimes called "privacy economics." Companies collect your data, and sometimes they share or sell it to other companies.

This can be helpful, for example, when companies use your data to show you ads for things you might actually be interested in. But it also means that consumers often don't fully understand when their data is being collected, why it's being collected, or what might happen with it.

Data Brokers

There are companies called "data brokers" whose main business is collecting and selling personal information. They gather data from many different sources, like public records, social media, and even things you buy online. They then create profiles about people and sell these profiles to other businesses for marketing, checking credit, or other purposes.