Types of Information

People are rich in data. Each person has unique data, which may include physical attributes, preferences and views. ADPCR uses different terminology to classify and juxtapose the kinds of information a person shares with businesses and its relevant richness. This is so that businesses can properly consider how to handle each level of information it may have access to. 

For the purposes of certification, ADPCR defines personal information as any information or opinion about an individual which can identify or can reasonably identify that person. To explain, this means that when John Citizen (DOB: 01/01/2000 of 12 Adelaide Street, Adelaide) provides information to the business, he has identified himself. However, if John Citizen identified himself as from 12 Adelaide Street, Adelaide to that same business but did not disclose his date of birth, it is reasonable for the business to conclude that he is the same person. 

Examples of personal information include an individual's:

  • name,
  • address,
  • contact number,
  • date of birth,
  • signature,
  • email address or
  • bank account details.
This data is then further sub categorised to include an individual's sensitive information. This is information or an opinion about an individual that is about an identified individual or about an individual who is reasonably identifiable. The inappropriate handling of sensitive information can have adverse consequences for an individual or those associated with them. 
Sensitive information is afforded a higher level of privacy protection in the ADPCR certification process. Examples of sensitive information includes: 
  • racial or ethnic origin, 
  • political opinions, 
  • membership of a political association, 
  • religious beliefs or affiliations, 
  • philosophical beliefs, 
  • membership of a professional or trade union/association, 
  • sexual preferences and/or practices,  
  • criminal records,
  • health information about an individual (including predictive genetic information),
  • biometric information and
  • biometric templates.
ADPCR defines information that has been ‘rendered anonymous’ so that individuals are no longer identifiable, as non-personal information.  
However, re-identifiable data, from which identifiers have been removed and replaced by a code, but where it remains possible to re-identify a specific individual by, for example, using the code or linking different data sets, is not defined as non-personal information.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us