{"id":20037,"date":"2026-04-30T11:54:21","date_gmt":"2026-04-30T06:24:21","guid":{"rendered":"https:\/\/www.naavi.org\/wp\/?p=20037"},"modified":"2026-04-30T11:54:21","modified_gmt":"2026-04-30T06:24:21","slug":"anatomy-of-personal-data","status":"publish","type":"post","link":"https:\/\/www.naavi.org\/wp\/anatomy-of-personal-data\/","title":{"rendered":"Anatomy of  Personal Data"},"content":{"rendered":"<p><a href=\"https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-scaled.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-20038\" src=\"https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-1024x572.png\" alt=\"\" width=\"640\" height=\"358\" srcset=\"https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-1024x572.png 1024w, https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-300x167.png 300w, https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-768x429.png 768w, https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-1536x857.png 1536w, https:\/\/www.naavi.org\/wp\/wp-content\/uploads\/2026\/04\/idenity_multi_layer-2048x1143.png 2048w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Personal Data is a key corporate asset in this time\u00a0 of Data Driven Business. Organizations collect specific identifiable personal data some times in a structured manner\u00a0 through a form associated with a service request. This is an ideal situation when the entire set of data elements\u00a0 are collected in one shot along with a proper notice, purpose linkage, data minimisation etc.<\/p>\n<p style=\"text-align: justify;\">But in actual practice an organization accumulates individual data elements often not specifically identifiable with a data principal. The &#8220;Personal Data identifiers&#8221;\u00a0 therefore become available but cannot be associated with any identifiable individual. Even when a &#8220;Name is available&#8221;, if it is concluded as belonging to a\u00a0 specific person which the Data Fiduciary knows, there\u00a0 could be a risk of mismatch. Hence an organization has to wait for accumulation of at least 2\u00a0 parameters which together create an identity.<\/p>\n<p style=\"text-align: justify;\">To be on the safer side\u00a0 it is better to have 3 parameters to identify a person unless one of the two parameters happens to\u00a0 be a &#8220;Biometric&#8221; information.<\/p>\n<p style=\"text-align: justify;\">Under &#8220;Biometric&#8221; one can take the\u00a0 finger print, the facial photograph, the voice sample, DNA etc.<\/p>\n<p style=\"text-align: justify;\">A Unique Government ID such as an aadhaar number or PAN number could perhaps have been considered equivalent to\u00a0 the biometric for\u00a0 identification but for the current state in India where these are not reliable.<\/p>\n<p style=\"text-align: justify;\">In the absence of\u00a0 such &#8220;biometric &#8221; data, there should be atleast 3 parameters such as the name, email and the phone to reasonably identify an individual.<\/p>\n<p style=\"text-align: justify;\">Once the identity of an individual can be fixed with a reasonable certainty, information such as a &#8220;Behaviour Profile&#8221; or a &#8220;Health report&#8221;, &#8220;Credit Report&#8221; can be added to the personal information and will also form the data that needs to be protected under the Data Protection Law.<\/p>\n<p>To capture this nature of Personal Data as a &#8220;Set of Data Parameters&#8221;, Naavi adopts the following layered approach to recognition of Personal data.<\/p>\n<p>Level 1: Operational Identifier: Name (Assigned by the Data Principal)<\/p>\n<p>Level 2: Organizational Identity: Employee ID, Customer ID (Assigned by the Data Fiduciary).<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">Level 1+Level 2 will have confirmation from the data principal and the data fiduciary provided the two are linked with acceptance from both. If the two identifiers are present independently they donot form an identity till they are associated with a bond of conformation. This could be through a request for confirmation sent from one of the two to the other and its acceptance by the other.<\/p>\n<p>Level 3: Contact Layer: E Mail address, Mobile number<\/p>\n<p>Level 4: Biometric layer: Finger Print, Facial Photograph, Voice Sample, Dental X ray, DNA etc.<\/p>\n<p>Level 5: KYC layer: A KYC report generated by a trusted third party &#8220;Joint Data Fiduciary&#8221;<\/p>\n<p>Level 6:\u00a0 Report level: Behaviour Profile, Health Report, Credit Report etc<\/p>\n<p>We can organize these levels into a hierarchical system to move raw data as it flows into an organization into a &#8220;Provisional Personal Data Store&#8221;, process it periodically and move\u00a0 it to the next level<\/p>\n<p style=\"text-align: right;\">Naavi<\/p>\n<p><a href=\"https:\/\/www.buzzsprout.com\/2613725\/episodes\/19101683\" target=\"_blank\" rel=\"noopener\">An Audio Summary is here:<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Personal Data is a key corporate asset in this time\u00a0 of Data Driven Business. Organizations collect specific identifiable personal data some times in a structured manner\u00a0 through a form associated with a service request. This is an ideal situation when &hellip; <a href=\"https:\/\/www.naavi.org\/wp\/anatomy-of-personal-data\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","footnotes":""},"categories":[12],"tags":[],"class_list":["post-20037","post","type-post","status-publish","format-standard","hentry","category-privacy"],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Vijayashankar Na","author_link":"https:\/\/www.naavi.org\/wp\/author\/naavi\/"},"uagb_comment_info":0,"uagb_excerpt":"Personal Data is a key corporate asset in this time\u00a0 of Data Driven Business. Organizations collect specific identifiable personal data some times in a structured manner\u00a0 through a form associated with a service request. This is an ideal situation when &hellip; Continue reading &rarr;","_links":{"self":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/20037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/comments?post=20037"}],"version-history":[{"count":1,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/20037\/revisions"}],"predecessor-version":[{"id":20039,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/posts\/20037\/revisions\/20039"}],"wp:attachment":[{"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/media?parent=20037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/categories?post=20037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.naavi.org\/wp\/wp-json\/wp\/v2\/tags?post=20037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}