Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

GDPR Compliant Data Or Just A Pile Of Numbers

Tagged with gdpr, ico, data, textmarketing, sms, free, freeadvice, bulksms, gdprtemplate
by Adam Brogden
in Blog

04-Jan-2018 10:23

Ok, you might think I had too much Egg Nog over Christmas but bear with me…. Personally identifiable data seems obvious, name, address, email, mobile number etc... In fact the ICO GDPR pages give a nice list of identifiable data items. However if you break this down it gets interesting. For example, if you have a list of first names is this identifiable data? Probably not. There are 100M people called John in the world. If you have a list of last names is this identifiable – again probably not. There are 10M people called Smith.

So, lets think about more obvious examples – mobile phone number. Sounds like this is an obvious case – definitely an identifiable data item. But maybe this is not actually the case!

I run a text marketing company [as well as Optindigo] – our data security policy means that we store numbers used in campaigns for a certain period of time. As you might imagine this means we store a lot of numbers! In most cases these numbers are linked to the message sent and in some cases linked to names and other data items. Where the number is linked to a name I accept that this is clearly identifiable data, however where there is no associated name data all I have is a huge pile of numbers and possibly an associated campaign message.

I put it to you that a pile of 100 million mobile numbers [with no associated data] is not identifiable data. In fact 100M numbers is just a pile of bits with no value or meaning. These numbers are obviously tied to a mobile phone but from a security/hacking point of view are not actually worth anything to anyone! Mobile numbers are recycled quickly and with such a huge volume it is likely that 30% are no longer in service. More importantly does this number represent an individual. This pile of numbers could easily be generated by looking up mobile operator number ranges and automatically generating them! Maybe I have been thinking about this too much but this is pretty important to us from a implementation point of view.

So, what is identifiable data? Maybe not so obvious.

Good luck all.