Personal Privacy

Author: Yana A. St. Clair, Esq.

Personal Privacy - (data privacy - personal data)

In our last issue we began discussing the broad topic of privacy, its meaning to us individually, the different ways, and varying degrees in which it is taken away from us on a daily basis, and the importance of finding and maintaining methods to protect it.  We will now narrow our discourse on the subject specifically to the issue of data privacy. 

Data privacy, or information privacy, is rapidly exploding as a hot topic of interest, and concern, in our global cyber world. It is thus understandably covered by its own set of laws and regulations, which vary jurisdictionally, but for the most part share a common basis.  Regardless of regional differences, data privacy law generally covers the disclosure and misuse of information about private individuals, and to what degree its dissemination, appropriation, revelation, and so on, is prohibited. 
As we begin to address How and Where this so called “information” is being protected, first we need to determine What is being protected, and the What with which our inquiry at hand is concerned, is something we refer to as “personal data.”
In the present context personal data is generally defined as personally identifiable information, or sensitive personal information, that can be used directly or indirectly, meaning on its own or in conjunction with other information, to identify an individual. This information in turn can be used to directly identify, contact or locate a single person, or to indirectly identify such an individual in context.

A few common examples of personal data which enable someone to directly identify an individual include a person’s name, address, telephone number, birth date, social security number, etc, etc, etc. On the other hand, an individual may also be identified indirectly, through the use of data such as an IP address, location identifiers, a user name, and so on.
Now that we have established whose data collection we are concerning ourselves with, and what different types of information is being collected, we turn our attention to how the data is being viewed and scrutinized, but even more so, how the individual whose personal information is at stake, is being protected.

There is no universal data protection law, therefore individual countries or unions encompassing several member nations, adopt, implement and enforce their own sets of regulations, which vary jurisdictionally, but overall share common core similarities.
The basic principles from which modern data protection laws arise are all rooted in Fair Information Practices, which was first developed in the United States in the early 1970’s.

Ironically, however, the United States is notable today for not having in place a comprehensive information privacy law, but we digress… Nonetheless, the basic principles of data protection are as follows:

  • For all data collected there ought to be a stated purpose
  • Data collected from an individual may not be shared with others unless there is consent, or it is otherwise authorized by law
  • Records of the data collected must be kept, and they should be accurate and up to date
  • There ought to be a way for individuals to review the data collected on them to ensure accuracy
  • Data should be deleted once it no longer serves its purpose
  • Personal information on individuals must not be transferred to a location where it is not equally secured
  • Some data is too sensitive to be collected, absent exigent circumstances, such as religion or sexual orientation

As is evident from the list above, these are merely ideals which lay the foreground for a more firm and concrete set of rules and regulations to be enacted by each country or international union, were it so inclined to do. 
In our subsequent issues we will delve into some of the more notable sets of laws and regulations pertaining to information privacy which have been adopted and are being enforced throughout the world.  More specifically, we will explore the EU’s stringent and heavily enforced GDPR on the one hand, the US’ overall lax approach to the entire concept of information privacy on the other, the very notable exception of California, and the ever-increasing efforts by all technologically developed nations to solidify their own independent sets of laws to govern data protection.



Yana is an American attorney, licensed to practice in the State of California.  She received her B.A. from UCLA in
2001 with a major in Political Science, specializing in International Relations.  In 2005 she was awarded the degree of Juris Doctor, from Loyola Law School.  In 2009 she received her MBA from Ashford University. During her studies, Yana worked for Soft Power Int., where she became well acquainted with the engineering world.  Upon graduating from Law School, Yana joined the Criminal Defense field, where she has devoted her talents to fight for her clients.