Although there is not a comprehensive federal law regarding the treatment of personal information in the United States, there are commonly recognized standards for what constitutes ‘data with privacy implications.’ While it varies by country and state, many consider personal information to include an individual’s first and last names as personally identifying when they appear together with a social security number or another identifier such as a name, an identification number, or location.
In the United States, the California Consumer Privacy Act (CCPA) defines personal information as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked–indirectly or directly–with a consumer or household. These identifiers may include a real name, postal address, email address, social security or driver’s license number, and more. Learn more about legislation like the CCPA from the California Legislature.
Types of Data with Privacy Implications
Many organizations collect a type of data with privacy implications known as protected health information, or PHI. Made up of information in medical records that can personally identify someone, PHI could include data like a patient name or birthdate, billing information, and even the results of medical tests. This particularly affects organizations like hospitals, foundations, community health centers, and medical research associations. The United States maintains a privacy law covering PHI practices known as the Health Insurance Portability and Accountability Act of 1996, commonly known as ‘HIPPA.’ For more information check out these resources from the U.S. Department of Health and Human Services.