Personal Data
Personal and sensitive data refers to information that can be used to identify an individual, such as their personal name, address, date of birth, personal images, and medical history.
Personal data:
- Personal name: Refers to the full name of an individual, including their first name and last name.
- Address: The physical location where an individual lives, including their house number, street name, city, and postal code.
- Date of birth: The specific day, month, and year when an individual was born.
- Gender: the individual's identity relating to male, female, don’t know, prefer not to say
- Personal images like a photograph in school uniform: An image of an individual wearing their school uniform, which can be used to identify and locate them.
- Payment details: bank card details used for purchasing items or bank details to access online banking
- Passwords: the combination of letters, numbers and symbols used to access accounts that are held by the individual
Sensitive data:
- Medical record/history: Information related to an individual's health, including any past illnesses, medical conditions, or treatments they have received. This can include any genetic or DNA information about genetic characteristics
- Political views: the individual's opinions on political matters/issues and how they are being handled by the current government. This can include memberships in political parties
- Ethnic/racial origin: the ethnic or cultural origins of the individual's ancestors
- Criminal activities: any past or current criminal offences
- Religion/philosophical beliefs
- Membership of a trade union: made up of workers to protect and advance the interests of all workers in the workplace
- Sexual orientation: defining who you are attracted to, the opposite gender, the same gender, or to both or more than one gender
- Biometric data: body measurements used to identify us uniquely like fingerprints or facial features
Why should personal data be protected?
- Inappropriate disclosure of personal data can lead to privacy breaches, identity theft, or misuse of the information
- Personal data could be sold to third party companies
- Individuals could be held to ransom over personal data gathered
- Information gathered could be used to commit a physical crime
How to avoid data being inappropriately disclosed:
- Personal data must be kept confidential and protected through privacy settings on websites such as social media or strong passwords on websites where personal data is held or used
- Access to personal data should be limited to authorised individuals
- Think before you post - consider what information could be gathered from your image or content
- Check website details about the collection, storage, and use of personal data
- Only access websites where personal data is used or viewed when on a secure, encrypted connection
Worked example
Some confidential personal data can be classified as sensitive data.
Name three items of personal data that could also be sensitive.
[3]
3 of:
Ethnic/racial origin [1]
Religion/philosophical beliefs [1]
Political views/opinions [1]
Membership of a political party [1]
Membership of a trade union [1]
Sexual orientation [1]
Criminal record [1]
Health/medical record [1]
Genetic data/DNA [1]
Biometric data [1]