Comment 8: No Personal Information for You! (sort of…)
The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.
We often hear, and I’ve talked a lot, about how important and valuable data is. This is doubly so when it comes to your personal data. “But wait,” you may already be thinking, “isn’t all my data personal data?” Well, to put it in the parlance of law school: maybe.
Personal Information (PI), or Personal Data, can have some slightly different definitions depending on the situation. For example, 2 CFR § 200.79 – Personally Identifiable Information (PII) states:
PII means information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. Some information that is considered to be PII is available in public sources such as telephone books, public Web sites, and university listings. This type of information is considered to be Public PII and includes, for example, first and last name, address, work telephone number, email address, home telephone number, and general educational credentials. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. Non-PII can become PII whenever additional information is made publicly available, in any medium and from any source, that, when combined with other available information, could be used to identify an individual.
Whereas the DHS defines PII “as any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department”. DHS takes a narrower view of personal information, saying that it is any information linkable to an individual.
I mention this because Google recently brought a new tool online to help people control, at least in part, what personal information is found about you in a search. The type of information for which you can request is about what you would think, and it is available here.
The whole process is pretty simple:
- Go to google.com and search your name (don’t act like you never have). Google recommends adding your city/state if you have a more common name or find yourself getting results that aren’t you.
- If you find something which you would like to request be removed from Google’s search results, then click the menu button on the search result (representing with three vertical dots).
- Now click where it says “remove result”.
You’ll need to answer a few questions and then you submit your request. You’ll even receive updates about the progress of your request. Find a full explanation here.
It is important to note that this process isn’t about removing data from a particular site or database, but is only about removing potentially harmful search results from Google; however, I am planning to cover ways to claw back your personal information from websites and databrokers in the near-future.