Understanding Commonly Used Phrases and Terms
“Personally identifiable information” vs. “Non-personal information”
- Personally Identifiable Information (PII) is information that can be used to identify a specific person. Some examples of PII include: name, Social Security number, birthdate, government issued ID number, financial account numbers, or contact information (email, phone number, address).
- Non-personal information will often include what operating system is being used, user analytics (what pages are visited or time spent on a page), device ID, and IP address.
“Information we collect” vs. “Information you give to us”
- In order to use a service, including the library, we often have to give over at least one piece of personal information. When someone signs up for a library card the information they give to us may include their name, address, and phone number. They are aware that this information was collected as they were part of the transaction.
A piece of data that might be considered non-PII in one state or country could be considered PII in another based on local laws. Also, multiple pieces of data considered non-PII may still be used to identify someone.
- Session or temporary cookies are only active while the user is browsing the site and are deleted when the browser is closed. For example, they may be used to retain items in a shopping cart.
- Permanent or persistent cookies remain active even after a browser has been closed. They may store a username, password, or personalization settings. Persistent cookies can also be used to track a user’s interaction with the website.
- Third-party cookies are tracked by websites other than the one you are visiting and are most commonly used by advertisers and social media companies. They can track spending habits, online behavior, and demographics. If you’ve ever looked up something on one website and then saw advertisements for it on other sites you visited, it’s because of third-party trackers.
- This often-vague term is used in most privacy policies. Many companies want to share at least some user data externally. A third-party entity might be used for data analytics, customer relationship management, or even advertising. Since library use data is protected to some degree by laws in most states, it is important to ask vendors what information is shared and with whom the information is shared including third-party entities. You might understand and feel confident in the data security practices of your vendor, but do you have that same confidence in a third party?
Hope you’re hungry for more cookies! The cookies listed in this guide are just a few of the flavors available. To learn more about cookies, check out this guide from HTML.com https://bit.ly/MoreWebCookies
- Many businesses have direct financial ties to other businesses. Two companies are considered affiliated when one is a minority shareholder of another. Privacy policies may state that user data is shared with “affiliated businesses.” This is not usually considered selling user data, even though your library user’s information may be shared with an outside entity you did not contract with. Ask vendors to disclose what information is being shared and with whom.
“Combine data” or “Data broker”
- Whenever we go online data is collected about us. This data could be everything from our shopping habits to what sites we frequent to which specific ads we’ve clicked on. Data brokers combine this data to create user profiles. Profiles are sold to other companies that allows them to send targeted marketing. If a vendor uses trackers or certain cookies, it’s important to find out if that information is being compiled and shared with data brokers.
“Opt-in” or “Opt-out”
“Consent” or “Explicit/informed consent”
- Consent is a tricky concept online. Many websites say that they get a user’s explicit or informed consent. However, that often just means ticking a box when registering for an account. A user is generally considered to have given their “regular” consent just by using the website. Most often, users have given their consent to a wide range of tracking just by opening up a website.