Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear Definition of Non-PII Data in the DPG standard for Indicator #6 #136

Open
nathanbaleeta opened this issue Jul 25, 2022 · 1 comment

Comments

@nathanbaleeta
Copy link
Contributor

nathanbaleeta commented Jul 25, 2022

Non (Personally Identifiable Information) PII Data

Non-PII data, is simply data that is anonymous. This data can not be used to distinguish or trace an individual’s identity such as their name, social security number, date and place of birth, bio-metric records etc. As a result, this data does not require encryption before it is transmitted as there is no scope for misuse that would result in harm to any individual.

Non-PII data typically includes data collected by browsers and servers using cookies. Device type, browser type, plugin details, language preference, time zone, screen size are few examples of non PII data.

Non-PII data is usually collected by businesses to track and understand the digital behavior of their consumers. This in turn can help them improve the consumer’s online experience and engagement.

Observation
Perhaps due to some lack of clarity in the standard questions, some project owners assume they collect non-PII data when they actually don't. For example a project assumed because they collect satellite imagery such data is categorized as non-PII data. Hence it to avoid any confusion it's better to provide additional clarification about non-PII data.

@jstclair2019
Copy link

Just a note, "non-PII data" can also be explicit in that it "does not contain PII". Depending on locality/industry, PII may be explicitly defined by a collection of data elements, so "non-PII data" specifically means that a none of those elements are included. In some cases, IP addresses are considered PII, as an example.

@prajectory prajectory moved this to Contributions in Standard Governance Sep 20, 2022
@prajectory prajectory moved this from Contributions to Propagate in Standard Governance Sep 20, 2022
@prajectory prajectory moved this from Propagate to Council in Standard Governance Feb 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Council
Development

No branches or pull requests

2 participants