💰💌 Si tu te procures un abonnement d'un an au forfait premium de Oui, mais je LLM d'ici le 30 novembre, je t'offre en prime mes quatre formations autodidactes, une valeur de 276 $ ! Clique ici !" 💰💌
Personal Data and Privacy Cheat Sheet
🌘 What really is personal information?
Law 25 considers defining what personal information is a guessing game! The RGPD only gives about ten examples.
I’ve done better than that, and I’m sharing it with you here.
People come to us talking about “Data that allows direct or indirect identification”: a nice definition that can confuse both lawyers and data spécialistes. Useful for interpretations before courts, but in our daily lives, it’s not great for making good decisions with our customer data.
Add to that pseudonymization and anonymization, two concepts that are just as difficult to define legally as technically, to complicate everything even more. There’s no doubt that you have no idea what we’re talking about here!
That’s why I spent hours researching and publishing this list of over 100 types of data that you might find in your business and that can constitute personal information under Law 25 and the RGPD.
🌘 Direct and indirect identification
Personal information, sometimes called personal data, are information about a person that allows them to be identified directly or indirectly. They always require the consent of the person before being shared.
Direct identification corresponds to the unique characteristics of a person, while indirect identification is based on a statistical incidence.
For example, if in your company, there is only one woman in the IT department, if we talk about the “woman in IT”, we know who we’re talking about. On the other hand, if there are two, we no longer know who we’re talking about, we need a second piece of personal information to identify them indirectly.
Indirect identification is done by accumulation of personal information. That’s why all personal information must be protected, even if they are insufficient to identify someone taken separately.
🌘 Pay attention to context
Just as important, the notion of privacy is contextual and also depends on the scope of the consent of the person who generated the information. That’s why we cannot define what confidential information is in a general way. Personal information can be confidential or not, depending on the situation.
🌘 Personal information formats
Personal information can also be found in different formats: databases, forms, conversations, audio or video recordings, printed documents, photos…
🌘 The list
I present you with a non-exhaustive list (and with no legal value) of personal information organized by categories. I want to help you identify them in your databases and prepare an action plan to protect them properly, in compliance with current laws (for example, Law 25 in Quebec and the RGPD in the European Union and the United Kingdom).
🌘 Beliefs and opinions
- Intellectual current or movement
- Ideology
- Moral or ethical
- Philosophy
- Political
- Religion
- Spirituality and esotericism
🌘 Membership
- Association
- Religious group
- Social media groups and relationships
- Political party
- Union
- Fraternity or sorority
- Think Tank or interest groups
🌘 Conversational data
- Phone calls
- Video conference calls
- Messaging
- Emails
- Postal correspondence
🌘 Personal finances
- Online commerce (Kijiji, Marketplace, Craigslist, Etsy …)
- Financial statement: assets and liabilities
- Use of cryptocurrencies and transactions on a blockchain
- Credit score
- Tax information
- Opening a line of credit
- Participation in organized crime, a pyramid scheme, collusion or protection racket (mafia)
- Bank refusal
- Financial transactions: income and expenses
- Purchase of shares and other financial securities
- Private and real estate investment
- Bank and credit statements
🌘 Civic and judicial status
- Fines
- Citizenship
- Criminal record
- Informant or witness
- Offenses
- Ongoing judicial proceedings
- Civil proceedings and out-of-court settlements
- Presence on a jury
- Police protection
- Immigration or refugee status
- Victim of a criminal act
🌘 Unique and electronic identifiers
- IP address
- Email address
- Watermarks and invisible markers
- IMEI/IMSI (cellular network identification number)
- MAC Address (Wifi, Bluetooth)
- Username
- Internet domain name
- Health insurance number (Carte Soleil in Quebec)
- Social insurance number
- Bank or credit card number
- Loyalty program member number
- Driver’s license number
- Car serial number
- License plate
- Any other identifier issued by a government, private company or association
🌘 Home information
- Insurance level
- Interior photos
- House plan
- Renovations
- Home automation systems
🌘 Location
- Postal address
- Proximity sensor (AirTag, Bluetooth)
- Geospatial coordinates (GPS system)
- Movement habits
- Travel photos
- Surveillance cameras
- Transportation titles, passport, visa, bills
- Trips
- Radio or cellular signal triangulation
- Use of a post office box
🌘 Health data
- Accidents
- Allergies
- Consumer health sensors such as smartwatches
- Medical sensors such as those for blood glucose
- Physical condition
- Menstrual cycle, pregnancy
- Medical diagnoses
- Medical history, including family
- Medication intake
- Medical appointments and hospitalization (place, date, time, professional met)
- Mental health and psychometric test results
- Disability situations
- Vaccination status
- Height and weight
- Use of alternative medicine
🌘 Biometric and genetic data
- Scars
- Fingerprints
- Facial expressions
- Body marks
- Photos and videos
- DNA sequence
- Tattoos, piercings and implants
- Facial features
🌘 Behavioral data
- Reading, writing and speech difficulties
- Keyboard typing
- Browsing history
- Body movements and non-verbal language
- Neurodivergence (autism, ADHD) diagnosed or not
- Written signature (on paper or electronic tablet)
- Nervous tics
- Voice (voice print)
- Vocabulary and language level
🌘 Ethnic and cultural origin
- Membership in an indigenous or colonizing people
- Membership in a tribe, clan, caste
- Ethnicity
- Family structure and genealogy
🌘 Civil status
- Adoption and legal guardianship
- Former names and first names
- Date of birth
- Gender identity
- Names and first names
- Marital status
🌘 Sexual identity and gender, sexual orientation and intimacy
- Conversations (sexting)
- Fetishism and intimate lifestyle
- Identification with an LGBTQ+ group
- Sexual identity and gender
- Genital organs and gender affirmation surgeries
- Polygamy and polyamory
- Sexual preferences
- Extramarital relationships
- Transgender identity
- Sex work
- Use of pronouns
🌘 Informal identity
- Avatars
- Pseudonyms
- secret/infiltration agent
- sex work
- artist name
- web usernames
- Nicknames
🌘 Children
- Date of birth, age
- Movements (daycare, school, leisure)
- First and last names, nicknames
- Number of children
- Photos and videos
- Preferences (games, foods…)
This page was translated from Aide-mémoire sur les données personnelles