The concepts of personal information and personal data have no significant difference,while there is a huge distinction between the concepts of personal information and personal privacy. Article 76(5) of the Cybersecurity Law takes the name of personal information and defines personal information in the form of "identification type" and "generalization & enumeration type". This definition should be broadly interpreted. Specifically,personal information has two elements,which are "identification" and "record". "Identification" is a substantive element,to be combined with the criteria for judgments,the relevance of information,the possibilities of identification. "Record" is a formal element,and unrecorded information is not personal information.