What Is Privacy?
Privacy is your individual right to be free from intrusion into your personal information. It is your right to control what you share about yourself and how that information is used and shared.
Privacy is contextual, complex, and constantly evolving. There are a multitude of privacy and data protection laws that grant you rights to access, remove, and edit the information held about you. However, these rights are balanced against the legitimate uses of your information by the university to provide you with the services you’ve requested.
Because we all have different perspectives on how much personal information, we’re comfortable with sharing, privacy is a nuanced concept that means different things to different people. Privacy is a dynamic concept that requires continuous attention, adaptation and mutual respect to get it right.
The important part to remember is that privacy is about you and your right to control who has access to you and your information.
What Is Confidentiality?
Confidentiality is the ethical obligation to protect data that was shared in confidence against unauthorized uses or disclosures. It means only sharing information on a need to know basis and maintaining adequate safeguards to protect the information and maintain its integrity.
Although privacy and confidentiality are used interchangeably, it is important to note that privacy is about your individual rights to restrict access to your information and confidentiality is an ethical obligation on the part of the recipient of your data to protect the data itself.
What Is Personally Identifiable Information (PII)?
“Personal information” and “Personally identifiable information,” and “PII” are often used interchangeably. Personally identifiable information is any information that could be used to identify a particular person. Any information that can be used to identify a specific person can be considered PII.
There are two kinds of PII:
- Direct Identifiers: These identifiers can identify a person by themselves.
- Indirect identifiers: These identifiers may not identify a person on their own but can be combined with other information to identify, trace, or locate a person.
| Direct Identifiers |
Indirect Identifiers |
- Name: full names (first, middle, last name), maiden name, mother’s maiden name, alias
- Addresses: mailing address, email address
- Phone numbers: mobile, business, personal
- Electronic Asset information: internet protocol (IP), media access control (MAC)
- Personal identification numbers: social security number (SSN), passport number, driver’s license, state identification number, taxpayer identification number (TIN), Medical record numbers, financial account numbers, credit/debit card
- Personal features: photographic images (that have distinguishing features e.g. show the face), x-rays, fingerprints, retina scan, voice recording
- Information identifying personally owned property: Vehicle Registration Number
|
Information that can be combined with other datasets to identify a person can also be a type of PII
- Date of birth
- Place of birth
- Race
- Religion
- Weight
- Activities
- Geographical location
- Employment information
- Medical information (deidentified)
- Education information (directory level information)
- Financial information
- Familial Relationships
- Ecommerce order ID
- IP address
- Cookie ID
- Location data
- “Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.”
|
If you have any questions regarding the privacy and confidentiality of personal information — It's Okay to Ask! Please contact us at privacy@drexel.edu.