Online activities such as browsing a site, entering a search query, or making a purchase leave digital footprints that organizations can collect, store, and use for targeted marketing or other purposes. 

These footprints often contain personal information, raising growing concerns over data privacy and security. This led to the enactment of new laws that regulate how personal data is gathered, processed, and shared, and it also put existing data privacy regulations into sharper focus.

In this guide, we’ll explore some of these laws to find a definition of personal information, provide examples, and discuss different types of personal information. You’ll also learn about virtual cards and the way they facilitate secure online payments.

What Does Personal Information Mean?

Due to the lack of a comprehensive federal-level data protection law, the U.S. doesn't have a federal-level definition of what is considered personal information. Instead, various state laws define personal information and govern how it’s collected, processed, and shared in their jurisdiction.

California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA)

Under the CCPA/CPRA, personal information is “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”^[1] Examples include:

• Name
• Email address
• Employment data
• Browsing history
• IP address
• Purchase history
• Location data
• Profiles businesses create about you, including pseudonymous profiles
• Unique identifiers (device IDs, cookies)
• Sensitive personal information

The CCPA/CRPA also outlines that personal information “does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern,”^[1] as well as “consumer information that is deidentified or aggregate consumer information.”^[1]

Texas Data Privacy and Security Act (TDPSA)

The TDPSA defines personal data as “any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual. The term includes pseudonymous data when the data is used by a controller or processor in conjunction with additional information that reasonably links the data to an identified or identifiable individual. The term does not include deidentified data or publicly available information."^[2]

Colorado Privacy Act (CPA)

According to the CPA, personal information "means (a) information that is linked or reasonably linkable to an identified or identifiable individual; and (b) does not include de-identified data or Publicly Available Information."^[3]

Despite the slight differences in definitions, they all share a common thread—personal information is any data that can identify or be linked to an individual, and publicly available information is beyond the scope of protection.

What Types of Personal Information Are There?

Personal information falls into two major categories:

1. Sensitive personal information
2. Non-sensitive data

Sensitive Personal Information

Sensitive personal information is information that, if leaked, could cause you harm or damage. Depending on the jurisdiction, this might mean that organizations that collect this type of information should take extra precautions to protect it and allow you to limit its use.

Sensitive personal information might include:

• Certain government identifiers such as Social Security, passport, or driver's license numbers
• Financial information such as card or account numbers
• Any security codes, passwords, or credentials allowing access to personal accounts
• Precise geolocation
• Email, mail, and text message contents
• Genetic data
• Biometric information processed to identify you (fingerprints, retinal scans, DNA, facial recognition)
• Information concerning health, sexual orientation, or sex life
• Racial or ethnic origin, religious or philosophical beliefs, or union membership information

Non-sensitive Data

Non-sensitive personal information is personal information that, by itself, isn’t as harmful if exposed. However, when combined with other information, it can pose a risk to your privacy. 

Examples of non-sensitive PII include:

• Name
• Address
• Phone number
• Email address
• Age or date of birth
• Gender
• Employment details
• Place of birth

What Is Personal Information Under Federal Laws?

While state laws offer broader definitions of personal information, federal laws usually have narrower definitions specific to them. Some of the most notable federal laws that protect personal information include:

1. Privacy Act of 1974
2. Health Insurance Portability and Accountability Act (HIPAA)
3. Children’s Online Privacy Protection Act (COPPA)

Privacy Act of 1974

The Privacy Act of 1974 regulates how federal agencies collect, store, and disclose personal information in their systems of records.

It defines a record as “any item, collection, or grouping of information about an individual that is maintained by an agency.”^[4]

The act restricts the disclosure of such information and allows you to access and request corrections to your records.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA was enacted in 1996, and it governs how healthcare providers, health plans, and clearinghouses gather, share, and protect sensitive health data^[5]. 

HIPAA defines health information as “any information, including genetic information, whether oral or recorded in any form or medium, that: (1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.”^[5]

Children’s Online Privacy Protection Act (COPPA)

COPPA protects the online privacy of children under 13 years old. Among other provisions, it requires websites and online services to obtain verifiable parental consent before collecting, using, or disclosing personal information from children ^[6].

Under COPPA, personal information is “individually identifiable information about an individual collected online.”^[6] Besides information such as first and last name, address, telephone number, and Social Security number, personal information protected by COPPA also includes^[6]:

• A video, photograph, or audio file containing a child's image or voice
• A persistent identifier (e.g., a customer number held in a cookie or an IP address)
• Sufficient geolocation information to identify the street name and name of a city or town

Why Is It Important To Protect Your Personal Information Online?

Not all states have data protection laws, and even if they do, data theft is a persistent threat that might occur at any time. Cybercriminals can steal your personal information through various means, such as phishing, malware attacks, or data breaches. 

Some of the measures you can take to protect your personal information online include:

• Using a password manager like Bitwarden, RoboForm, or Bitdefender to protect accounts with strong passwords and 2FA
• Using a VPN such as NordVPN, Norton VPN, and Proton VPN to prevent IP tracking and protect internet traffic from being intercepted
• Seeking services of companies that remove personal information from the internet

To protect financial information, consider using virtual cards for all online transactions. These cards act as a stand-in for actual payment card information, minimizing the amount of personal information you share and protecting you in case of a data breach.

For maximum data security, opt for a dedicated virtual card provider like Privacy, which follows the highest data protection standards and offers additional security and convenience features.

How Privacy Cards Help Protect PII

Privacy is a BBB-accredited virtual card provider trusted by over 250,000 Americans. After linking a bank account or debit card to it, Privacy allows you to generate virtual cards with unique card numbers, expiration dates, and security codes you can use at checkout with online merchants. Since the merchant only stores the virtual card information in their database, your actual card details are protected from unauthorized access in case of merchant data breaches. 

As a PCI-DSS and SOC 2 Type 2-compliant company, Privacy employs rigorous measures to protect user data. It relies on military-grade AES-256 encryption to secure your personal information at rest and in transit. It conducts regular third-party cybersecurity audits to ensure compliance with industry data privacy regulations. You can also set two-factor authentication to strengthen account security and enable real-time alerts to get notifications every time your Privacy Card is used or declined.

Privacy Card Types and Features

Privacy offers three types of virtual cards:

You can set spending limits on each virtual card, and Privacy will decline charges above the limit. This feature helps protect you from hidden and excessive fees some sneaky merchants may impose.

Privacy also lets you pause or close virtual cards anytime, stopping all further charges. Card-pausing or closing can help you when you're unsubscribing from services such as McAfee, SHOWTIME, or BeenVerified and want to avoid unwelcome charges that may occur during or after the cancellation process.

Convenience Features

Privacy offers additional features to make virtual card management easier and online transactions more convenient:

• 1Password integration—The integration lets you generate, access, and autofill your virtual card details and manage your passwords within 1Password's browser extension.
• Mobile app—With the Privacy App, which is available for iOS or Android, you can create, manage, and monitor your virtual card activity on the go.
• Browser extension—The Privacy Browser Extension lets you quickly generate and access virtual cards directly from your browser when shopping online. It's available for popular browsers, including Firefox, Safari, Google Chrome, Microsoft Edge, and Safari for iOS.

How To Start Using Privacy Cards

To get started with Privacy and secure your financial PII, follow four steps:

1. Access the sign-up page
2. Enter the required Know-Your-Customer (KYC) details to verify your identity
3. Link your bank account or debit card
4. Request and generate your first virtual card
   ‍

Privacy offers four plans to choose from:

References

^[1]California Legislative Information. https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5, sourced September 25, 2024

^[2]Texas.gov. https://statutes.capitol.texas.gov/Docs/BC/htm/BC.541.htm#541.001, sourced September 25, 2024

^[3]COAG. https://coag.gov/app/uploads/2023/03/FINAL-CLEAN-2023.03.15-Official-CPA-Rules.pdf, sourced September 25, 2024

^[4]Justice.gov. https://www.justice.gov/opcl/privacy-act-1974, sourced September 25, 2024

^[5]HHS. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf, sourced September 25, 2024

^[6]FTC. https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa, sourced September 25, 2024

‍