Personal Information

Personal information refers to any information, recorded electronically or by other means, that can identify a specific natural person, either alone or in combination with other information, or that reflects the activities of a specific natural person.

From GB/T 35273, "Information Security Technology - Personal Information Security Specification", Appendix A

Examples of Personal Information

In the digital age, the definition of personal information becomes more complex. It includes any information, recorded electronically or by other means, that can identify a specific natural person either alone or in combination with other information. Examples of such information include names, birthdates, ID card numbers, personal biometric information, addresses, contact information, communication records and content, account passwords, property information, credit information, travel trajectories, accommodation information, health and physiological information, transaction information, and more.

Determining whether a piece of information qualifies as personal information involves considering two paths: identification and association. Identification runs from information to person: a specific natural person is recognized from the unique characteristics of the information itself. Association runs from person to information: when a specific natural person is already known, the information generated by that person’s activities (such as personal location information, call records, browsing history, etc.) is personal information. Any information meeting either of these criteria should be classified as personal information.

Table A.1: Examples of Personal Information

  • Personal Basic Information: Personal name, birthdate, gender, ethnicity, nationality, family relationships, address, personal phone number, email address, etc.
  • Personal Identity Information: ID card, military ID, passport, driver’s license, work ID, entry and exit permit, social security card, residence permit, etc.
  • Personal Biometric Information: Personal genes, fingerprints, voiceprints, palm prints, ear shapes, iris patterns, facial recognition features, etc.
  • Network Identity Information: Accounts of the personal information subject, IP address, personal digital certificate, etc.
  • Personal Health and Physiological Information: Records related to illness and treatment, such as symptoms, hospital logs, medical orders, test reports, surgery and anesthesia records, nursing records, medication records, allergy information, fertility information, medical history, diagnosis and treatment history, family medical history, current medical history, infectious disease history, and information related to physical health, such as weight, height, lung capacity, etc.
  • Personal Education and Work Information: Personal occupation, position, work unit, education level, degree, education history, work experience, training records, academic transcripts, etc.
  • Personal Property Information: Bank accounts, authentication information (passwords), deposit information (including fund amounts, payment and receipt records, etc.), real estate information, credit records, credit information, transaction and consumption records, account statement records, etc., as well as virtual property information such as virtual currency, virtual transactions, and game redemption codes.
  • Personal Communication Information: Communication records and content, SMS, MMS, emails, and data describing personal communication (usually referred to as metadata).
  • Contact Information: Address book, friends list, group list, email address list, etc.
  • Personal Internet Records: Operation records of the personal information subject stored in logs, including website browsing records, software usage records, click records, bookmark lists, etc.
  • Personal Frequently Used Device Information: Including hardware serial numbers, device MAC addresses, software lists, unique device identification codes (such as IMEI/Android ID/IDFA/OpenUDID/GUID/SIM card IMSI information), etc.
  • Personal Location Information: Including travel trajectories, precise location information, accommodation information, latitude and longitude, etc.
  • Other Information: Marriage history, religious beliefs, sexual orientation, undisclosed illegal criminal records, etc.

Note: Any content that meets the criteria of identification or association should be considered as personal information. Protecting personal information is a crucial task, and we must handle it with care, adhering to relevant regulations.

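Personal Information (个人信息)

Any information, recorded electronically or by other means, that can identify a specific natural person, alone or in combination with other information, or that reflects the activities of a specific natural person.

From GB/T 35273, "Information Security Technology - Personal Information Security Specification", Appendix A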

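Examples of Personal Information

Personal information refers to any information, recorded electronically or by other means, that can identify a specific natural person, alone or in combination with other information, or that reflects the activities of a specific natural person, such as name, date of birth, identity document number, personal biometric information, home address, communication contact details, communication records and content, account passwords, property information, credit reference information, whereabouts and movement tracks, accommodation information, health and physiological information, transaction information, etc.

To determine whether a piece of information is personal information, two paths should be considered. The first is identification, that is, from information to person: a specific natural person is identified from the particular characteristics of the information itself, and personal information should help identify a specific individual. The second is association, that is, from person to information: if a specific natural person is known, the information generated by that person in the course of their activities (such as personal location information, personal call records, personal browsing records, etc.) is personal information. Information that meets either of these two conditions should be judged to be personal information.

Table A.1 gives examples of personal information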

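  • Personal Basic Information: Personal name, birthday, gender, ethnicity, nationality, family relationships, home address, personal phone number, email address, etc.
  • Personal Identity Information: ID card, military officer ID, passport, driver’s license, work ID, access pass, social security card, residence permit, etc.
  • Personal Biometric Information: Personal genes, fingerprints, voiceprints, palm prints, auricle (ear shape), iris, facial recognition features, etc.
  • Network Identity Information: Accounts of the personal information subject, IP address, personal digital certificate, etc.
  • Personal Health and Physiological Information: Records generated by an individual’s illness and medical treatment, such as symptoms, inpatient records, medical orders, test reports, surgery and anesthesia records, nursing records, medication records, drug and food allergy information, fertility information, past medical history, diagnosis and treatment details, family medical history, current medical history, infectious disease history, etc., as well as information related to the individual’s physical health, such as weight, height, lung capacity, etc.
  • Personal Education and Work Information: Personal occupation, position, employer, education level, degree, education history, work experience, training records, academic transcripts, etc.
  • Personal Property Information: Bank accounts, authentication information (passwords), deposit information (including fund amounts, payment and receipt records, etc.), real estate information, credit records, credit reference information, transaction and consumption records, account statement records, etc., as well as virtual property information such as virtual currency, virtual transactions, and game redemption codes
  • Personal Communication Information: Communication records and content, SMS, MMS, emails, and data describing personal communication (usually referred to as metadata), etc.
  • Contact Information: Address book, friends list, group list, email address list, etc.
  • Personal Internet Records: Operation records of the personal information subject stored in logs, including website browsing records, software usage records, click records, bookmark lists, etc.
  • Personal Frequently Used Device Information: Information describing the basic condition of an individual’s frequently used devices, including hardware serial numbers, device MAC addresses, software lists, unique device identification codes (such as IMEI/Android ID/IDFA/OpenUDID/GUID/SIM card IMSI information), etc.
  • Personal Location Information: Including whereabouts and movement tracks, precise positioning information, accommodation information, latitude and longitude, etc.
  • Other Information: Marriage history, religious beliefs, sexual orientation, undisclosed illegal and criminal records, etc.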