Personal Data / Personal Information
Personal data or personal information refers to any information relating to an identified or identifiable natural person. This includes data that directly identifies an individual (such as name, ID number, or email address) or data that can indirectly identify them when combined with other information. The classification and handling of personal data are fundamental to data protection and privacy compliance frameworks worldwide.
Regulatory Definitions
- GDPR (EU Regulation 2016/679): Article 4(1) defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
- CCPA/CPRA (California Privacy Rights Act): California Civil Code § 1798.100 defines personal information as "information that identifies, relates to, describes, or could be reasonably linked with, directly or indirectly, a particular consumer or household." The CPRA expands this in § 1798.140(w) to include information that is reasonably capable of being associated with or could reasonably be linked with a particular consumer or household.
- HIPAA (Health Insurance Portability and Accountability Act): HIPAA Omnibus Rule (45 CFR § 160.103 and § 164.103) defines protected health information (PHI) as individually identifiable health information, including demographic data, that relates to past, present, or future physical or mental health conditions and is created or received by a covered entity. HIPAA uses the term PHI rather than "personal information", but the term serves an equivalent function in the healthcare context.