E-mail
RSS
Is All Personally Identifiable Information Really Personal? By Bert Moore, AIM Global
March 21, 2008
•White Paper: Is All Personally Identifiable Information Really Personal?
Reprinted from RFID Connections with permission from AIM Global. AIM Global, the trade association for the Automatic Identification and Mobility industry, is the source for technically accurate, unbiased, commercial-free, and up-to-date information on all AIM technologies. For additional information, please visit www.aimglobal.org.
In January 2008, the Office of the Information and Privacy Commissioner
/ Ontario [Canada] issued a report entitled RFID and Privacy; Guidance
for Health-Care Providers. The definition of Personally Identifiable
Information (PII) cited in this report is seemingly so broad as to be
unworkable and is open to wild misinterpretation or misrepresentation.
Implementing such a definition of PII could create unreasonable
restrictions on the use of RFID solutions where they could otherwise be
able to deliver real value.
Furthermore, while this study focused on the use of RFID in healthcare, the issues it raises by use of its definition of PII deserve a close look by any company that produces or uses any form of identification for any purpose.
The definition used in the report defines PII as:
"...any information, recorded or otherwise, relating to an identifiable individual. Almost any information, if linked to an identifiable individual, can become personal in nature, be it biographical, biological, genealogical, historical, transactional, locational, relational, computational, vocational, or reputational. The definition of personal information is quite broad in scope."
"Broad in scope" seems to be a bit of an understatement. "Unlimited" seems more appropriate. Protecting PII under the definition above is nearly impossible. There are ways to protect PII -- but this definition is not at all helpful in determining what is truly PII and what is not.
Instead of trying to apply this definition, I offer the following suggestion, "Let's use common sense."
Why? Let's try to apply this definition to a couple of possible scenarios.
Click Here To Download:•White Paper: Is All Personally Identifiable Information Really Personal?
