User Information
From MgmtWiki
Full Title or Meme
Any information about the user, such as, Identifiers, Attributes Validations presented to an Authorization service to control access to a resource, typically digital but possibly physical.
Context
- There are many different terms used to address user information. See the references for some of the ones tracked here.
Problems
- There are two categories of User Information:
- User Private Information which is specifically related to identifying the user. This is similar to the ISO term Personally Identifiable Information.
- User Public Information which traditional democratic societies have determined to be a matter of public record, such as name changes, property deeds, bankruptcy records and prison records.
- Given the effort in Europe to allow a Right to be Forgotten, the distinction between private and public information has become blurred, at least in the EU.
Solutions
References
- User Private Information is the information about a user that the user wishes to remain private, as opposed to User Public Information which is accessible online, irrespective of the user's wishes that it were not so. It seems that the GDPR with Right to be Forgotten does not allow for the concept of user Public Information.
- Personal Data is used by the GDPR in a way that seems to mean information.
- Personally Identifiable Information (PII) is a term from ISO. Given that any information about the user can be used to exclude some portion of the population. It is amazing how few attributes are needed to limit the population to a single person who has those attributes.