Re: Is this forum prepared for the GDPR?

euphoric said...

I'll say this one last thing, then I'll be done. A username and password does not fall under the domain of PII. (How could it, since my username is euphoric and my password is not known by OpenEuphoria?)

I know you're done but unfortunately you're also wrong. I'm not trying to be confrontational, I just want to make sure we're not going to get ourselves in trouble.

According to that PDF I linked to earlier, it states: (emphasis mine)

A Practical Guide for GDPR Compliance Osterman Research said...

The personally identifiable information (PII) that will be relevant in the context of the GDPR includes data subjects’ biometric data, network identifiers, images, hobbies, political preferences, religious preferences, sexual orientation and other information about EU residents.

The phrase "network identifiers" and the ever-more-vague "other information" could very well include a username.

And if you look up Personally identifiable information on Wikipedia, it says: (emphasis mine)

Wikipedia said...

NIST definition

The following data, often used for the express purpose of distinguishing individual identity, clearly classify as PII under the definition used by the National Institute of Standards and Technology (described in detail below):

  • Full name (if not common)
  • Face (sometimes)
  • Home address
  • Email address (if private from an association/club membership, etc.)
  • <snip>
  • Telephone number
  • Login name, screen name, nickname, or handle

So there you go. That seems pretty straightforward to me.

-Greg
