Monday 3 August 2015

[SERIES] POPII - Protection Of Personally Identifiable Information - Part 1

Privacy is an interesting subject: everybody wants protection for their own PII, while at the same time people are eager to know others' PII.

So what is Privacy or Personally Identifiable Information (PII)?

PII is any data that could identify any living individual.

Before going further, let's understand a few terms:
Data Controller
Data controller means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Data Processor
Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Data Subject
Data subject means an individual who is the subject of personal data.


There are laws and regulations on POPII across many countries. Different countries have defined privacy rules as per their own requirements, but all countries' PII laws and regulations say much the same thing, with only small differences. In general there are 7 to 10 privacy principles across the various countries' laws and regulations.

We shall discuss these principles in detail later. However, what is important first is:

When and how are organizations receiving PII?

Or rather, I would say:

How do we end up giving PII to different entities, knowingly or unknowingly?

To understand this holistically, let's take examples from a few different industries:

| Sr | Industries / Category | PII Entry Point | PII | Mode | Concerns |
|---|---|---|---|---|---|
| 1 | Bank or financial industries | At the time of opening an account (fixed deposit, savings / current account, loan etc.) | Name & address; age & gender; religion & nationality; education etc. (demographic info) | Physical form and later electronic form (computer & media) | Not much, as such industries have strict regulations to follow in most countries. |
| 2 | Research company | Online survey; field survey | Demographic info as mentioned above; depending on the type of survey, it could be your personal political opinion, religious belief, or medical / health-related information | Physical form and later electronic form (computer & media) | Are you aware of the purpose of these surveys? Are you aware how your PII would be protected by these research companies? Are they going to sell your PII? How long are they going to keep your PII? |
| 3 | BPO / KPOs | Outsourcing or subcontracting; the data controller might share PII with a third party as part of outsourcing (the data controller could be a bank, insurance company, research firm, hospital, pharma company etc.) | Any of the above | Mostly electronic form | Are you aware the data controller is going to share PII with a third party? Did you give consent to your data controller? Do you know how your PII is going to be protected at the third party? Do you know if your PII is going out of your country? Other countries might not protect your PII as your country does. |
| 4 | Dispensary, hospital | Hospitalization; regular checkups | Sensitive PII: insurance details; SSN; health problems; any health-related deficiency; health history; medicines etc. | Mostly electronic form | Most countries have laws to govern health-related information. But the problem I personally feel is: is there any ongoing compliance audit? Have they published their privacy practices? Are hospital staff aware of such information security requirements? |
| 5 | Hotels, restaurants, club membership | Check-in; opting for membership | ID proof; demographic information | Registration form (physical) and later electronic mode | Does the hotel or club have a privacy policy? Do their staff understand the importance of privacy? Do they have the infrastructure / systems to protect PII? Are they going to share or sell your PII to any other entity? |
| 6 | Others (shopkeeper, shopping mall) | At the time of invoice generation | Mobile number; demographic information | Physical or electronic mode | Does the shopkeeper or mall have a privacy policy? Do their staff understand the importance of privacy? Do they have the infrastructure / systems to protect PII? Are they going to share or sell your PII to any other entity? |
| 7 | All types of employers | At the time of hiring or during the interview process; periodic appraisal / feedback meetings | ID proof; demographic information; salary & bank account information; experience, education and qualification details; performance & appraisal details; background / reference check report | Physical as well as electronic information | Does the employer have a privacy policy to protect employee information? Is the employee aware whether the employer is going to share PII with a third party? Are appropriate systems / infrastructure in place to protect PII? |

There could be many more industries; I have only listed a few to set the context for my “POPII blog series”.

I thought this would be a good way to start explaining “Where and how are we sharing PII with various data controllers?” Many times we tend to forget to ask “How is my PII going to be secured? Can somebody misuse my PII?”

Hope this would be useful.

Wait and watch for my NEXT blog in the “PRIVACY SERIES”. I shall explain the types of PII and the privacy principles.