Personal data is any information about an individual person: their name and contact details, online activity, location, even health status.
In addition to information that can identify an individual, data that has been rendered anonymous—or pseudonymized— to protect privacy is also personal data.
You can collect this data from public records or state administration authorities. You can also use non-public records when regulations allow it.
Data collected directly from consumers rather than official records is collected on a wide spectrum of informed consent. In other words, sometimes consumers supply the data knowingly while in other cases they may not understand they’re providing anything at all. Most often, while consumers understand that they are providing some information, they do not know what kind or how much. Rather, they tend to think that companies either hide the specifics or bury them in hard-to-parse terms-of-service agreements.
For their part, large companies like Facebook, Twitter, and Google consider personal data as “payment” for services they provide for free to users. Rather than collecting payment from users, these companies make money by collecting and selling their information for ad targeting.
Attributes of personal data are many. They include names, addresses, email addresses, identification card numbers, location data (such as the GPS on a mobile phone), IP addresses, cookie IDs, and the advertising identifiers on phones. Vendors can even collect (pseudonymized) data from clinics or hospitals.
Some organizations use personal data to understand their customers better and provide better service. They may also share customer details with third parties who can analyze it for insights or advice. For example, third-party analysis can lead to the creation of new products or to the optimization of targeted marketing.
Personal data can also be used for the public good. For example, medical researchers or government officials can use the data to keep people safe from disease or crime.
The EU’s GDPR (General Data Protection Regulation) dictates that organizations must make “every reasonable step” to ensure that personal data stay as accurate as possible. Organizations must erase or correct any inaccurate data “without delay.”
You can asses the quality and accuracy of the data with email and IP validation tools at both the time of data entry and the time of use.
When choosing vendors, be sure that they comply with all local or international regulations, through the use of tools mentioned above. Further, vendors should be able to guarantee the accuracy and validity of all types of data included in their personal database while ensuring it is extensive and frequently updated.
A short introduction to accountability in machine-learning algorithms under the GDPR
Facebook Transparency Report
[EFF and the Reynolds School of Journalism at the University of Nevada, Reno provides the] largest-ever collection of searchable data on police use of surveillance technologies [like drones, license plate readers, and more.]
The Atlas of Surveillance database, containing several thousand data points on over 3,000 city and local police departments and sheriffs’ offices nationwide, allows citizens, journalists, and academics to review details about the technologies police are deploying, and provides a resource to check what devices and systems have been purchased locally.