Personal data collection
From Wikipedia, the free encyclopedia
The gathering of personally identifiable information (PII) refers to the collection of public and private personal data that can be used to identify individuals for various purposes, both legal and illegal. PII gathering is often seen as a privacy threat by data owners, while entities such as technology companies, governments, and organizations utilize this data to analyze consumer behavior, political preferences, and personal interests.
With advances in information technology, access to and sharing of PII have become easier. Smartphones and social media have significantly contributed to the widespread collection of personal data, making it a pervasive and controversial issue.[1]
Recent cases of illegal PII collection, such as the Cambridge Analytica scandal involving the data of over 87 million Facebook users, have heightened concerns about privacy violation and increased demands for stronger data protection laws. Major breaches at companies like Equifax, Target, Yahoo, Home Depot, and the United States Office of Personnel Management have compromised the personal and financial data of millions of Americans, leading to calls for improved information security and PII protection.[2]
Currently, there is no universally accepted definition of PII gathering. According to the U.S. National Institute of Standards and Technology (NIST), PII is defined as:[3]
(1) Any information that can be used to distinguish or trace an individual's identity, such as a name, social security number, date and place of birth, mother's maiden name, or biometric records. (2) Any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
PII gathering refers to the collection, organization, manipulation, analysis, exchange, or sharing of such data.
Governments collect PII to provide social and legal benefits, improve services, and fulfill legal obligations.[4] Depending on the type of government, whether democratic or authoritarian, methods for collecting PII may vary, but the goals are generally similar.[5]
In the U.S., PII is gathered through processes like tax filing, property registration, and driver's license applications.[6] The government also collects PII for crime prevention and national security purposes, though such practices, especially by the National Security Agency (NSA), remain controversial.[7]
China uses big data to enhance governance, employing advanced surveillance networks like the "Skynet" system with 20 million cameras. Although regulations protect PII collected by private companies, there are no limitations on government collection of such data, nor have any plans been made to implement such limitations.[8][9]
European Union nations have stringent domestic and international PII regulations.[10] For example, the General Data Protection Regulation (GDPR) provides comprehensive protections for personal data.[11]
With advancements in internet and mobile technologies, private companies collect PII through user registrations, location tracking, cookies, and other methods. Data brokers buy, sell, and analyze PII from various sources, often without user consent.[12] The Facebook–Cambridge Analytica data scandal is an example of data misuse, where only a fraction of the users whose data was collected had consented.[13]
Hackers illegally collect PII for financial or political gain. Notable examples include North Korean hackers targeting Sony Pictures and the large-scale breach at Equifax that exposed sensitive data from millions of users.
PII gathering is often associated with violations of privacy and is frequently opposed by privacy advocates. Democratic countries, such as the United States and those in the European Union, have more developed privacy laws against PII gathering. Laws in the European Union offer more comprehensive and uniform protection of personal data. In the United States, federal data protection laws take a sector-by-sector approach.[14] Authoritarian countries often lack protection against PII gathering for citizens. For example, Chinese citizens enjoy legislative protection against private companies but have no protection from government violations.[15]
The GDPR will take effect on May 25, 2018, and offers comprehensive privacy protection consistent across all sectors and industries. The regulation applies to all businesses and government agencies in the European Union countries. It also regulates all foreign companies and organizations offering services in Europe. Violation of and non-compliance with the GDPR may result in penalties of up to 4 percent of the business's worldwide annual revenue. GDPR requires businesses and government agencies to get consent for data processing, anonymize collected data, provide quick notifications of data breaches, handle data transfers across borders safely, and appoint data protection officers.[16]
Section 5 of the Federal Trade Commission Act (FTC Act) is used to make companies safeguard collected PII data.[17] A company in the United States is not required to have a privacy policy, but if it has disclosed one, it is obliged to comply with it. The company also cannot retroactively change its data collection policy without offering users an opportunity to opt out. The FTC imposed a $100 million penalty on LifeLock for failing to protect customers' PII data, such as social security numbers, credit card numbers, and bank account numbers, and for violating the terms of a 2010 federal court order.[18]
The FTC also uses the Behavioral Advertising Principle to provide guidelines and suggestions for website operators on data collection practices, activity tracking, and opt-out mechanisms. A website operator is requested to obtain express consent before sensitive PII data, such as social security numbers, financial data, health information, and data of minors, is collected and used. The Behavioral Advertising Principle also calls for reasonable security to protect the collected personal data and for limited data retention, only for as long as is necessary to fulfill a legitimate business or law enforcement need. The principle is also self-regulatory and intended to encourage more discussion and further development by all interested parties.[19]
Public concern about PII gathering centers around privacy violations and potential discrimination. The unauthorized collection and use of data, as seen in the Cambridge Analytica scandal, has fueled distrust in major platforms like Facebook, with many users demanding stricter government regulation.[20][21] Risks of PII gathering include discrimination, the loss of individual and collective freedom, monetary risk, social risk, physical risk, and psychological risk.[22]