Risks that arise when artificial intelligence systems collect, analyze, or infer personal information. AI can re-identify individuals from anonymized data, generate biased outcomes, or use data for purposes users never consented to.
Information about a person’s physical or behavioral traits, such as fingerprints, facial features, voice patterns, or iris scans, used to verify identity.
Permission given by an individual for their personal data to be collected, used, or shared. Under most privacy laws, consent must be informed, specific, and freely given.
Information used to log into digital accounts, such as usernames, passwords, and security questions. Weak or reused credentials are a common cause of data breaches.
The process of combining data from multiple sources. While useful for analytics, aggregation can increase privacy risks by allowing indirect identification of individuals.
An incident where personal or sensitive information is accessed, disclosed, or stolen without authorization. Breaches can result from cyberattacks, human error, or system failures.
A company that collects, aggregates, and sells consumer information (often from public records, online activity, or commercial sources) to advertisers, marketers, and other businesses.
A privacy principle that requires organizations to collect only the personal information necessary for a specific purpose and to retain it only as long as needed.
The policies, technologies, and practices used to secure personal data and ensure it is handled lawfully, transparently, and safely.
Information describing a person’s background, such as age, gender, marital status, occupation, education level, or income. On its own, this data may seem harmless but can become sensitive when combined with other identifiers.
Technical details that identify a user’s device, such as an IP address, MAC address, or advertising ID. These can reveal patterns about online activity and approximate location.
The trail or record of information a person leaves online through their activity, including posts, searches, purchases, device use, and website visits.
Information related to a person’s economic activity, including bank account numbers, credit card details, transaction history, and credit reports. This data is highly sensitive and a frequent target of cybercrime.
Information that shows where a person is or has been, gathered through GPS, Wi-Fi, or mobile networks. It can reveal travel habits, workplaces, and home addresses.
Information about a person’s physical or mental health, medical history, prescriptions, or treatments. This data is protected under strict privacy laws because of its sensitivity.
Official numbers assigned to individuals, such as passport, driver’s licence, tax file, or social security numbers. These are direct identifiers and among the most valuable forms of PII.
A type of fraud that occurs when someone uses another person’s personal information—such as name, ID number, or financial details—without permission, often for financial gain.
Data that links online activity to a specific person or profile, such as cookies, account IDs, or browsing history. Companies often use these for analytics and targeted advertising.
Attributes that describe or distinguish an individual, such as photos, date of birth, race, or physical features. These can reveal personal identity or contribute to bias when misused in algorithms.
Any data that can identify, contact, or locate a specific individual, either directly (such as a name or ID number) or indirectly (such as location data or online identifiers).
A broad term for any data that could cause significant harm if disclosed, such as health records, financial details, biometric information, or data about race, religion, or political opinions.
The monitoring of a person’s online behavior, such as clicks, searches, and time spent on pages, often used to personalize ads or improve website performance.
From our blog:
What constitutes personally identifiable information or PII?
14 real-life examples of personal data you want to keep private
The top 10 ways bad actors use your stolen personal information
What should I do if I’ve been caught in a data breach?
How MySudo keeps you safe on social media even in a data breach
