Is Criminal History PII?
The topic of criminal history and Personal Identifiable Information (PII) is a complex and controversial one. PII is defined as any information that can be used to identify an individual, and it is protected under various laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). But what about criminal history information? Is it considered PII?
What is PII?
Before we dive into the world of criminal history, it’s essential to understand what PII is. PII is any information that can be used to identify an individual, including but not limited to:
- Name
- Address
- Date of birth
- Social Security number
- Driver’s license number
- Medical information
What is Criminal History Information?
Criminal history information, on the other hand, refers to information about an individual’s past criminal activities, including:
- Arrests
- Convictions
- Sentencing
- Rehabilitation
Is Criminal History PII?
At first glance, it might seem that criminal history information is not PII because it does not contain personal identifying information, such as name, address, or date of birth. However, criminal history information can be used to identify an individual, making it PII.
Why is Criminal History Information PII?
Here are a few reasons why criminal history information is considered PII:
- Uniqueness: Criminal history information is unique to each individual, making it possible to identify an individual based on their criminal record.
- Accessibility: Criminal history information is often publicly available or can be accessed through official records, making it easier for individuals to identify one another based on their criminal history.
- Relationship to PII: Criminal history information is often linked to PII, such as name, address, or date of birth, making it possible to use criminal history information to identify an individual.
Legal Frameworks
Several legal frameworks and regulations recognize criminal history information as PII. For example:
- FCC Guidelines: The Federal Communications Commission (FCC) guidelines define PII as including "information that links or could be used to link to an individual," which includes criminal history information.
- HIPAA: HIPAA regulations consider criminal history information as PII, as it can be used to identify an individual.
- GDPR: The GDPR defines PII as "personal data," which includes "data relating to an identified or identifiable individual," including criminal history information.
Privacy Concerns
The fact that criminal history information is considered PII raises significant privacy concerns. Here are a few examples:
- Stigma: Publicly available criminal history information can lead to stigma and discrimination against individuals with a criminal record.
- Misuse: Criminal history information can be misused by employers, landlords, or other individuals to make judgments about an individual without considering the full context.
- Error: Criminal history information can contain errors, which can have severe consequences for individuals who have been wrongly accused or convicted.
Conclusion
In conclusion, criminal history information is considered PII under various legal frameworks and regulations. This raises significant privacy concerns, as criminal history information can be used to identify an individual and has the potential to cause stigma, misuse, and errors. As such, it is essential to protect criminal history information as PII and ensure that it is handled and used responsibly.
Table: PII and Criminal History Information
| Category | PII | Criminal History Information |
|---|---|---|
| Uniqueness | – | Unique to each individual |
| Accessibility | – | Publicly available or accessible through official records |
| Relationship to PII | – | Linked to PII, such as name, address, or date of birth |
Bullets: Laws and Regulations
• HIPAA: Considered PII under HIPAA regulations
• FCC Guidelines: Defines PII as including "information that links or could be used to link to an individual," which includes criminal history information
• GDPR: Defines PII as "personal data," which includes "data relating to an identified or identifiable individual," including criminal history information
