TABLE OF CONTENTS

INTRODUCTION - 3
1. DECONSTRUCTING AND CONSTRUCTING THE DEFINITION - 6
1.1. CHALLENGES WITH LITTERAL INTERPRETATION OF “IDENTIFIABLE” - 6
1.1.1. Over-Reaching Definition - 7
1.1.2. Under-Inclusive Definition - 11
1.1.3. “Identifiable” Triggering Uncertainty - 15
1.2. PROPOSING AN INTERPRETATION OF “IDENTIFIABLE” TAKING INTO ACCOUNT UNDERLYING RISK OF HARM - 30
1.2.1. Using a Purposive Approach to Interpreting Personal Information - 30
1.2.2. Determining Risk of Harm as Purpose Behind the Protection of Personal Information - 34
2. IMPLEMENTING THE RISK OF HARM APPROACH TO THE NOTION OF PERSONAL INFORMATION - 40
2.1. SUBJECTIVE HARM ASSOCIATED WITH PERSONAL INFORMATION - 45
2.1.1. “Identifying” Taking Into Account the Overall Sensitivity of Information - 48
2.1.1.1. Identifying Using Illegal Methods? - 52
2.1.1.2. Efforts to Identify - 54
2.1.1.3. Taking Into Account Potential Correlation - 56
2.1.1.4. Dealing with New Types of Data - 59
2.1.2. Applying the Approach to Recent Privacy Breaches or Activities - 63
2.1.2.1. High Risk of Harm: Launch of Buzz and AOL breach - 64
2.1.2.2. Low Risk of Harm: Note2be - 67
2.2. OBJECTIVE HARM ASSOCIATED WITH PERSONAL INFORMATION - 69
2.2.1. Risk of Objective Harm: Identifiability Replaced by Negative Impact - 74
2.2.2. Applying the Approach to New Types of Data - 84
2.2.2.1. IP addresses, Log files, Cookies - 84
2.2.2.2. Search Queries - 85
2.2.2.3. Location Information - 87
CONCLUSION - 88