On Personal Information
Personal information has four building blocks:
i. Information
ii. “Relating to” (this is a GDPR term, but may also be included here as part of the phrase “from which the identity of an individual”)
iii. Identified or identifiable (from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly and certainly identify an individual)
iv. Individual (i.e., natural persons)
Subjective (“The employee is smart”) and false (“The employee is 29 years old” when in fact s/he is 28) information are considered personal data.
Public (“A is working for XXX bank”) and private (“A is a wife beater”) information are both personal data.
Relationship may be through direct content (“He is A”), purpose (“A’s car has 9000 miles in it” for the purpose of identifying A as owner of the car), or result (“A’s business seems to be doing too good” by a tax collector, resulting in A as business owner being taxed more).
“Identifiable” means that if the information is combined with other pieces of information, the data subject may be identified taking into consideration the available technology. A good example includes dynamic IP addresses, which put together with data held by ISP addresses, may still identify the data subject
Personal data about deceased persons are covered by the DPA, as the rights of the data subject may be transmitted to his/her heirs or assigns.
Data about organizations or legal fictions are not covered by the DPA, unless by processing the organizational data, personal data about natural persons are included.