Data privacy is becoming an integral concern for every organization, with privacy laws developing around the globe. Organizations process many kinds of data, including personal data, and managing this growing volume of data is becoming an arduous task as technology advances and the amount of data collected grows every second.
Before delving into the numerous data privacy laws and standards, it is critical to first comprehend what Personally Identifiable Information (PII) is. PII is information that can be used, alone or combined with other information, to identify a specific individual. Every data privacy law and regulation defines it somewhat differently. The European Union's (EU) General Data Protection Regulation (GDPR) uses the term "personal data" rather than PII: any information relating to an identified or identifiable natural person, identified directly or indirectly by identifiers such as a name, an identification number, location data or an online identifier, or by factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity. GDPR further treats certain data, such as genetic and biometric data, health data and data revealing racial or ethnic origin, as special categories subject to stricter rules. Likewise, under the Health Insurance Portability and Accountability Act (HIPAA), individually identifiable information related to an individual's health is considered Protected Health Information (PHI); it is identifiable through PII such as address, driver's license number, Social Security number, account or credit card numbers, and passport number.
GDPR has emerged as a comprehensive data privacy regulation concentrating on the protection of the personal data of individuals in the EU, regardless of where the organization processing that data is located. Similarly, India's proposed Personal Data Protection Bill (PDPB) is intended to protect the personal data of Indian residents. The California Consumer Privacy Act (CCPA) was enacted in 2018 and took effect on January 1, 2020, to strengthen data privacy rights and consumer protection for California residents. China's Data Security Law (DSL) took effect on September 1, 2021.
According to the ISACA® glossary, privacy is defined as:
The rights of an individual to trust that others will appropriately and respectfully use, store, share, and dispose of their associated personal and sensitive information within the context, and according to the purposes, for which it was collected or derived.