Data Privacy Updates for Fridays - Your Signature is Personal Information covered by the protection

The Data Privacy Act (DPA) of 2012 defines personal information as “any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.”


In National Privacy Commission (NPC) Advisory Opinion No. 2017-063, Re: Personal and Sensitive Information, the Commission explained that hand-written signatures are considered part of the definition of personal information, as defined by the DPA. The Commission clarified:

"[H]and-written signatures, as may be used to identify an individual, is considered as personal information. In the same manner, unique information relating to an individual or when linked with other information will allow an individual to be distinguished from others, may be treated as personal information. (Citing EU Directive 95/46/EC Working Party Document No. WP 105 noted that “Data relates to an individual if it refers to the identity, characteristics or behavior of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated.”)


Accordingly, username, password, IP address, MAC address, location, cookies and birthday (month and d