Data privacy laws dictate adherence to trusts and obligations associated with any information connected to an identified or identifiable data subject. Personal data privacy generally refers to information that can be associated with a specific individual, or that has identifying characteristics that might be combined with other information or data to identify a specific individual. Sensitive personal data may include items classified as individual preferences, habits, racial or ethnic origin as well as financial or medical condition.
ISACA. “Privacy.” In Information Systems Standards, Guidelines, and Procedures for Auditing and Control Professionals. Rolling Meadows, IL: ISACA, September 2005. http://www.isaca.org/AMTemplate.cfm?Section=Standards2&Template=/ContentManagement/ContentDisplay.cfm&ContentID=40571 (accessed May 3, 2008).
Shackelford, Kerry. “eSAC: Privacy Principles.” ITAudit, July 1, 2002. http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.archive&fid=464 (accessed April 22, 2008).