The PII Problem: Privacy and a New Concept of Personally Identifiable Information
http://cdt.org/files/inline/pdf/Personal-Data-Ecosystem.pdf
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1909366

Paul Schwartz and Daniel Solove have an article available for download from SSRN.

Abstract (Aug 2011): Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have ev