Indicating PII i.e. Personally Identifiable data category or categories in combination

Question

Indicating PII i.e. Personally Identifiable data category or categories in combination

Closed this issue 5 months ago · 7 comments

| Migrated ISSUE-28: Include a way to indicate PII (Personally Identifiable Information)

State: OPEN
Raised by: Harshvardhan J. Pandit
Opened on: 2019-11-26
Description: Description: "This was an input from people at Dativa (Jan Lindquist and Paul Knowles) when Harsh presented the DPV on a recurring hyperledger indy meeting call. "
Reporter: Jan Lindquist & Paul Knowledge (Dativa; via Harsh)
Link: https://lists.w3.org/Archives/Public/public-dpvcg/2019Sep/0001.html
Notes: "we could resolve those as a flag/subclass. Harsh will provide a proposal on how to address this issue"

Answer 1 · 2022-02-22T23:46:24.000Z

This implies that there should be a concept PII representing Personally Identifiable Information. However, whether to indicate this using the conventional definition (data that enables identification) or newer ISO definition (data that used by itself or in combination with others can identify the data subject) is up for discussion. My suggestion is to utilise the ISO definition, and mark is as a subtype of Personal Data with a note indicating that there is a 'gap' between the two. Would be good to have a source to cite for this though.

Answer 2 · 2022-11-23T13:27:12.000Z

We discussed in today's meeting and decided to add a note regarding definition of PII varying and therefore we not providing a concrete concept for PII as it can be the same as personal data or a subset. We will rethink how to provide this as a label or concept for specific jurisdictions that require it.

Answer 3 · 2022-12-03T19:38:37.000Z

I've added a note to the Primer at https://w3c.github.io/dpv/primer/#personal-data stating that we're exploring PII as a concept, or as a label. The issue will remain open for discussion.

Answer 4 · 2023-08-01T14:04:54.000Z

We can have IdentifyingPersonalData with further types as ExplicitlyIdentifyingPersonalData and IndirectlyIdentifyingPersonalData

Answer 5 · 2023-08-17T22:02:30.000Z

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org

this was discussed in today's meeting and accepted as concepts to indicate identifying with distinction between explicit and indirect. These will be accepted in the next meeting.

Answer 6 · 2023-08-24T19:30:27.000Z

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org

concepts have been accepted in today's meeting

Answer 7 · 2024-04-20T17:01:09.000Z

Reviewed and closed based on IdentifyingPersonalData - https://w3id.org/dpv#IdentifyingPersonalData. The concepts for Explicitly and Indirectly have been removed as they are vague and can be used in unintended ways e.g. indirectly can be any data as it is combined with an identifier/identifying data.