Hello. Welcome to Cyber is Intermediate Data Security Course P II, all the instructor Dustin Perry.
In today's video, we're going to discuss what P II is and how it compares to personal data. Then we're going to go over something you may have heard of recently. And that's GDP are what's going to get started.
Personally identifiable information or P I, for short, is any data that could potentially be used to identify a particular person.
Examples of P. I include a full name, Social Security number,
driver's license number,
bank account numbers,
passport numbers and email addresses.
We often talk about P I I in the context of data breaches and identity theft.
If a company or organization suffers a data breach, a significance on concern is what p. I A. Data may have been exposed.
The personal data of the customers to do business or otherwise interact with the energy
exposed P. I can be sold on the dark Web and used to, and it's typically used to commit identity theft or, um,
otherwise put breach victims at risk. Not all data is created equal, though
first example of that your Social Security number.
This number is yours and yours alone. If someone steals your Social Security number, it's critically important to your identity.
But what about your name?
Typically, it's pretty likely that someone else could share your name. How Maney, Steve Smiths or Maria Garcias are there.
Your name is important, but without any other information, it's not likely that you could be identified with just your name.
But what if they combine your name with a email address or a hometown?
Now they're getting much closer to identifying you.
Before the days of the digital age, it was always important to keep yourself security card locked up, then never carry with you
if you did that, and only that your risk of having your identity stolen was pretty low.
But now welcome to the Internet age. The age of information and data always accessible your fingertips.
Your information is everywhere and whether you're aware of it or not,
how many websites have your email address?
How many websites had to register with your email address?
Most of these websites probably have your name as well.
What about any online shopping that you've done?
They probably have your shipping address and payment information
that with the combine information from some big breaches like Equifax,
your information or release, Some of it is probably already out there.
While P II is a commonly recognized term, there is another term that many people may be familiar with, and that's personal data.
The difference between P I and personal data can be explained by the following
personally identified or identifiable information, or P. I is a term used typically mainly within the United States of America.
Personal data is considered to be the European equivalent of P I. However, it doesn't completely correspond to the P I definite definition that's popular here in the US
The new you privacy law GDP or General Data Protection regulation defines personal data as the following
personal data means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified directly or indirectly, in particular by reference
two unidentified or such as a main identification number, location, data,
online identifier or 21 or more factors specific to the physical fizz it
physiological, genetic, mental, economic, cultural or social identity of that natural person.
So one important note GDP are states that even Web cookies that are used to track you online can be considered personal data.
It's a little bit more about GDP. Are
companies that collect data on citizens in the European Union or the U
need to comply with strict new rules about protecting customer data?
The GDP are or General data protection Regulation sets a new standard for consumer rights regarding their data
being that it is so new. And like most laws, that leaves much to interpretation. It says that companies must provide a reasonable level of protection for personal data but does not define what constitutes reasonable.
This gives the GDP our governing body, a lot of leeway when it comes to assessing fines for data breaches and non compliance.
So what types of privacy data does GDP are protect,
and we kind of went over the definition in the previous slide. But I go. It protects basic identity information such as your name, address and the I D numbers. You may have
Web data as well. Includes location I P address cookie data and even or if i d. Tags,
health and genetic data,
racial or ethnic data,
political opinions and even sexual orientation.
any company that stores or processes personal information about you. Citizens within the EU states must comply with GDP are even if they do not have a business presence within the EU.
There is us but specific criteria for companies required to comply, and that includes any
presence in an EU country.
No presence in the U. But it processes personal data of European residents.
More than 200 employees,
fewer than 250 employees. But its data processing impacts the rights and freedoms of data subjects
is not occasional or include certain types of sensitive personal data.
That effectively means that
and covers pretty much all companies. There was a survey from PWC that showed that 92% of U. S companies consider a GDP are to be a top data protection priority.
So quick quiz Question.
What is the difference between P II and personal data?
Yeah, if we've talked about this this whole video, um, they're the really similar things, but they're things that can be used to identify a person.
P i I is typically used in mainly in United States, and personal data is considered to be the U equivalent of P. I
In today's video, we discussed P I or personally identifiable information.
We went over the differences between P I and personal data and we went into a little bit more GDP are.