Define “personal information”

[mdekstrand]

Currently, the privacy policy refers to “personal information”, but this is not defined. Seems to me there are three types of information, that should be clearly identified:

• Non-public personal information - billing address, credit card info, e-mail address, etc. The stuff used for account maintenance but not shown to users. If app.net adds a direct message feature, that probably is included here too.
• Public content. This is also provided by the user to the service, but since it is publicly displayed and available it is clearly in a different category.
• Information collected during use (IP addresses, etc.). This probably should be treated the same as non-public personal information, especially potentially-identifying information such as IP addresses. Or IP addresses should be scrubbed from logs.

This becomes relevant when talking about data disclosure. Public data is already public - giving it to third parties or law enforcement in digestable form isn't really a problem. Pesonal data is what becomes an issue - IPs, billing info, etc. Right now the privacy policy is not particularly clear about what information is in question at each stage.

There may also be a more meaningful taxonomy of data than the one above. It's just what comes to mind quickly.