What Is Personal Information?

"Personal information" (or "personal data," as it may be called) is defined quite broadly and in a similar way across most privacy laws. A generic definition would be "any information that can be linked to an identifiable individual." It’s very inclusive and designed to catch any and every kind of information that is connected to an individual or household, from their email address to their shoe size. 

Fortunately, the CCPA has a list of examples of different types personal information to help understand what the definition means. These examples include:

  • Identifiers – real names, email addresses, account names, IP addresses, Social Security numbers, etc.
  • Characteristics of protected classifications – Any classification protected by federal or state law, such as race, gender, sexual orientation, or age
  • Commercial information – Records of personal property, products, or services purchased or considered, and other such consumer histories
  • Biometric information – Fingerprints, faceprints, voiceprints, retina scans, etc.
  • Internet activity – Browsing history and search history, along with information related to a consumer’s interactions with a web page, application, or advertisement
  • Geolocation data – Where the consumer is or has been, often obtained by IP address or smartphone data
  • Sensory information - Audio, electronic, visual, thermal, olfactory, or similar information
  • Professional or employment-related information – Past employers, type of work, etc.
  • Education information – Information that is not publicly available personally identifiable information, as defined in the Family Educational Rights and Privacy Act
  • Consumer Profiles – Inferences drawn from any personal information used to create a profile of a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Bearing in mind there are potentially other categories of personal information not included in this list, it should at least give you a sense of the wide variety of data that can be considered personal information.

What Is Not Personal Information?

With so much data being defined as personal information by the CCPA, it is helpful to look at what the law specifically says is not personal information. There are two main categories of exemptions: publicly available information and deidentified or aggregate consumer information.

Deidentified or aggregate consumer information is data that cannot be linked to a particular consumer or household. Examples include a consumer profile from which all identifiers have been removed, or website usage statistics, such as total homepage visits, that can’t be linked to any identified individual.

What information is considered publicly available may vary a little from law to law, but commonly includes information acquired from government records, information collected for journalistic purposes, and information that that has been made available by the consumer to the general public (such as via a social media post).

This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.