Sunday, June 11, 2006

Protecting Personal Information:
Gearing you towards the art of Compliance – Part 1

(Authored by Ullas O Tharakan)

With the increase in networks and computers, sharing and storing information has become easier than ever. The sharing and storage media range from pocket PCs to Cray supercomputers. This has also led to malpractice based on data. Hence governments and corporate bodies worldwide have tightened the framework with mandated data protection laws. The core of a data protection law is to present a framework to protect personal information that has the potential to be misused.
This article explores the privacy concern and what is happening in the world to protect private information.

News and Happenings

Each country has evolved its own cyber law and has mandated data privacy grounds. The law is governed in terms of domestic movement of data, i.e. within states, versus movement across international boundaries.
Laws in different countries do have similarities but differ in the details. Compliance becomes tricky for organizations that do business at the international level. For example, a company doing business in Europe and the US needs to follow the applicable US and European Union guidelines while using personal data. A telephone number generally does not come under privacy law in the US, but in Europe one has to take the written consent of the employee before using it.

The OECD (Organisation for Economic Co-operation and Development) was the first organization to issue guidelines for cross-border data flows. With time, the legislation is becoming stricter, with increased penalties for non-compliance.

The major challenges that span the organization in terms of compliance related to personally identifiable information are:

1) Definition of personal information across the organization
2) Origin of personal information
3) Storage of personal information
4) Validation with respect to all the laws that are applicable
5) Who can access it
6) Where one can access it
7) Tracking personal information flows
8) Keeping up with laws and regulations



Defining personal identifier information: the identification can be governed by corporate policy, information policy, and laws and regulations. Below we try to identify a standard set of personal identifier information:




First name or initial
Last name
Video programming activity
"Black box" data
Social Security number
Email address
Personnel files
GPS data
Payment history
Income
Military history
Criminal charges, convictions and court records
Merchandise and product order history
Financial transaction information
License and certificate numbers
Account numbers
Internet URLs
Device identifiers (for example, serial numbers)
Hospital dates of birth, admission, discharge, death
Geographic subdivisions smaller than a state (street address)
Health plan beneficiary numbers
Medical record numbers
Fraud alerts
Service subscription history
Fax number
Telephone number
Employment history
Body identifiers (for example, tattoos, scars)
Education records
Descriptive consumer listings
Customer relationships
Credit reports and credit scores
Credit card purchases
Loan or deposit balances
Credit card numbers
Vehicle identifiers (for example, license plate numbers)
Conversations (recorded or overheard)
Voting history
California ID numbers
Debit card numbers
Biometric identifiers (such as DNA, finger, iris, and voice prints)
Information concerning children
Biometric identifiers (for example, finger and voice prints)
Internet Protocol (IP) addresses
Any identifier the FTC determines permits the contacting of a specific individual
Medical care information (for example, organ donations, medications, disability information)
Unique identifiers that can be attributed to a specific individual
Full-face (and comparable) photographic images



I will continue this article in the next part. Till then, happy reading.
