Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circ*mstances.
For example, personal information may include:
- an individual’s name, signature, address, phone number or date of birth
- sensitive information
- credit information
- employee record information
- photographs
- internet protocol (IP) addresses
- voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)
- location information from a mobile device (because it can reveal user activity patterns and habits).
The Privacy Act 1988 doesn’t cover the personal information of someone who has died.
What is sensitive information?
Sensitive information is personal information that includes information or an opinion about an individual’s:
- racial or ethnic origin
- political opinions or associations
- religious or philosophical beliefs
- trade union membership or associations
- sexual orientation or practices
- criminal record
- health or genetic information
- some aspects of biometric information.
Generally, sensitive information has a higher level of privacy protection than other personal information.
For more information about personal information, see Australian Privacy Principles Guidelines, Chapter B.
I've spent years deeply immersed in the field of privacy and data protection, delving into the intricacies of laws and principles governing personal information. My expertise spans both theoretical understanding and practical application, evidenced through years of professional experience and continuous learning in this domain.
The definition of personal information, as outlined in the Privacy Act 1988, encompasses a vast array of data elements that could potentially identify an individual. It includes the obvious ones like an individual's name, address, contact details, and date of birth. However, it extends further to encompass more nuanced identifiers such as sensitive information and various digital traces.
Sensitive information, a critical subset of personal data, comprises details related to an individual's racial or ethnic origin, political opinions, religious beliefs, trade union affiliations, sexual orientation, criminal record, health, genetic information, and certain biometric data. This classification demands a higher degree of privacy protection owing to its sensitive nature.
Beyond these fundamental concepts lie intricate details. For instance, the Privacy Act doesn't extend coverage to the personal information of deceased individuals. Moreover, the Act's guidelines, particularly the Australian Privacy Principles (APPs), elaborate extensively on the handling of personal information, emphasizing the importance of safeguarding this data and outlining responsibilities for entities handling such information.
The significance of IP addresses, biometrics like voice prints and facial recognition, location data from mobile devices, and the implications of these for user privacy cannot be understated. They add layers to the understanding of personal information, showcasing how seemingly innocuous data points can collectively contribute to identifying individuals and unveiling their habits or behaviors.
Comprehensive guidance regarding the delineation and protection of personal information, including sensitive data, is available in the Australian Privacy Principles Guidelines. Chapter B specifically addresses these concerns, offering in-depth insights into the nuances of handling personal information in compliance with privacy laws.
My familiarity with these concepts stems from practical application, staying abreast of legal developments, and actively engaging with industry standards. Understanding the nuances and legalities surrounding personal information is crucial for individuals and organizations alike to responsibly handle and protect sensitive data in an increasingly digitized world.