What is not covered by data protection law?

Asked by: Ms. Kelsi Hammes MD  |  Last update: January 28, 2026
Score: 4.3/5 (54 votes)

Data protection laws generally don't cover purely personal or household data, de-identified data, publicly available information, or data processed for national security, law enforcement, judicial, or journalistic purposes. Specific exemptions for employment and B2B contexts are also common, depending on the jurisdiction's laws (such as GDPR, HIPAA, and US state laws).

Who is not covered by data protection?

The exemptions to the DPA 2018 span across a wide variety of different areas and sectors, including but not limited to: law and public protection, parliamentary and judicial matters and journalism.

What is exempt from the Data Protection Act?

(1) Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court. (b) for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

What type of information is not protected by privacy regulations?

Records outside HIPAA include FERPA-covered education and treatment records, employment records held by an employer, health information maintained by non-covered entities (such as many apps, employers, life and disability insurers, and Workers' Compensation Carriers), properly de-identified data, and records of ...

What are the 7 data protections?

The principles are: Lawfulness, Fairness, and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitations; Integrity and Confidentiality; and Accountability.


What are the 8 rules of data protection?

What Are the Eight Principles of the Data Protection Act?

  • Fair and Lawful Use, Transparency. The principle of this first clause is simple. ...
  • Specific for Intended Purpose. ...
  • Minimum Data Requirement. ...
  • Need for Accuracy. ...
  • Data Retention Time Limit. ...
  • The right to be forgotten. ...
  • Ensuring Data Security. ...
  • Accountability.

Which of the following is not a data privacy principle?

Answer: Data utility. Explanation: Transparency, Accountability, and Storage Limitation are principles under Data Privacy. Data utility is not typically considered a principle under Data Privacy.

What is not considered protected information?

Examples of Non-PHI

A dataset of hospital visits without any personal identifiers like names, addresses, or Social Security numbers is considered non-PHI. A vaccination record that a university maintains for its students comes under FERPA protection, so it's not considered PHI under HIPAA.

What does the Privacy Act not include?

The Privacy Act does not cover: state or territory government agencies, including a state and territory public hospital or health care facility (which is covered under state and territory legislation) except: certain acts and practices related to My Health Records and individual healthcare identifiers.

What is covered under the Data Protection Act?

The Data Protection Act covers data held electronically and in hard copy, regardless of where data is held. It covers data held on and off campus, and on employees' or students' mobile devices, so long as it is held for University purposes, regardless of the ownership of the device on which it is stored.

What are 10 examples of sensitive personal information?

Definition of Sensitive Personal Information

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic data.
  • Biometric data.
  • Health data.
  • Sexual orientation or sex life.

What are the exclusions for data protection?

Some of the most common exemptions include businesses that do not process personal data of living persons, businesses that have no connection with the European Union, derogations for businesses with fewer than 250 employees, or data processing primarily for personal/household activities.

Which type of information is exempt?

Exemption 1: Information that is classified to protect national security. Exemption 2: Information related solely to the internal personnel rules and practices of an agency. Exemption 3: Information that is prohibited from disclosure by another federal law.

What are examples of non-personal data?

Non-personal data can further be classified as: (i) Public non-personal data: data collected or generated by the government in the course of publicly funded works. For example, anonymised data of land records or vehicle registration can be considered as public non-personal data.

What are the three types of data protection?

The three pillars of data security—confidentiality, integrity, and availability—are essential for protecting information in today's digital environment.

What personal data gets extra protection by law?

The special categories are: Personal data revealing racial or ethnic origin. Political opinions. Religious or philosophical beliefs.

What information is not protected by privacy regulations?

What is not considered personal information under the CCPA? Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

What are the 8 rules of the Data Protection Act?

Lawfulness, fairness, and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality; and Accountability. These principles are found right at the outset of the GDPR, and inform and permeate all other provisions of that legislation.

What is not considered personal information?

Non-personally identifiable information (non-PII) is data that cannot be used on its own to trace or identify a person. Examples of non-PII include, but are not limited to: Aggregated statistics on the use of product/service. Partially or fully masked IP addresses.

What are the exceptions to the privacy rule?

General rule exceptions

State law preempts HIPAA in these situations: State law has more stringent patients' rights or privacy provisions than HIPAA. State law provides for reporting information to public health agencies. State law requires a health plan to report information for the purpose of audits, etc.

What are 5 examples of confidentiality?

For example, confidential information may include financial projections, business forecasts, customer lists, employee information, sales, patents, and trade secrets.

What cannot be disclosed under HIPAA?

Under HIPAA, you cannot disclose Protected Health Information (PHI) to unauthorized parties such as family, friends, employers, or the general public, especially for marketing or employment purposes, without patient authorization or a specific legal exception. PHI includes any individually identifiable health information, such as names, full dates, addresses, Social Security numbers, medical records, treatment details, and billing information, and digital data must not be disclosed without strict security measures such as encryption.

Which of the following data is not considered personal data?

What is NOT considered personal data: Data related to the deceased. Inaccurate data that can't be identified to an individual. Information about legal entities.

What are the 7 principles of data protection?

Broadly, the seven principles are:

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security).
  • Accountability.

What are common data privacy violations?

Some of the most common privacy violations include insufficient legal basis for data processing, unclear privacy notification details, and data breaches. Businesses that violate privacy laws might receive fines, be forced to stop data processing, or face other legal penalties.