What is Personally Identifiable Information?
Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. This includes information that can directly identify someone or information that, when combined with other data, could lead to identification.
Categories of PII
Direct Identifiers
- Full name
- Social Security number
- Driver's license number
- Passport number
- Email address
- Phone number
- Physical address
Indirect Identifiers
- Date of birth
- Place of birth
- Race/ethnicity
- Gender
- Job title
- Education history
Sensitive PII
- Financial account numbers
- Medical information
- Biometric data
- Sexual orientation
- Religious beliefs
- Political opinions
PII Under Various Regulations
| Regulation | Terminology |
|---|---|
| GDPR | Personal Data |
| CCPA | Personal Information |
| HIPAA | PHI (Protected Health Information, health context) |
| NIST | PII |
Protection Requirements
- Data minimization
- Purpose limitation
- Encryption at rest and in transit
- Access controls
- Retention policies
- Secure disposal
- Breach notification procedures
Best Practices
- Inventory PII in your systems
- Classify by sensitivity
- Implement data masking
- Review access regularly
- Train employees on handling PII
- Plan for incident response
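The first three practices above (inventory, classification by sensitivity, masking) can be applied mechanically to free text such as application logs. The following is an added example, not part of the original page: a small hypothetical detector that finds the direct identifiers listed earlier (SSN, email, phone, using US-style formats), classifies each record by the most sensitive identifier it contains, and masks the values before they are stored. The pattern set, sensitivity labels and sample log lines are all constructed for illustration.

```python
import re

# Hypothetical detector for the direct identifiers listed above; each pattern
# carries the sensitivity class used by the inventory (US-style formats only).
PII_PATTERNS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "sensitive"),
    "email": (re.compile(r"\b[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}\b"), "direct"),
    "phone": (re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"), "direct"),
}

def mask_value(kind: str, value: str) -> str:
    """Keep only what troubleshooting needs: last four digits or the email domain."""
    if kind == "ssn":
        return "***-**-" + value[-4:]
    if kind == "phone":
        return "***-***-" + value[-4:]
    if kind == "email":
        local, _, domain = value.partition("@")
        return local[0] + "***@" + domain
    return "[REDACTED]"

def inventory_pii(text: str) -> list:
    """Return (kind, sensitivity, value) for each identifier, in order of appearance."""
    found = []
    for kind, (pattern, sensitivity) in PII_PATTERNS.items():
        for m in pattern.finditer(text):
            found.append((m.start(), kind, sensitivity, m.group(0)))
    return [(k, s, v) for _, k, s, v in sorted(found)]

def mask_pii(text: str) -> str:
    """Rewrite a line of free text with every detected identifier masked."""
    for kind, (pattern, _) in PII_PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: mask_value(k, m.group(0)), text)
    return text

def classify(text: str) -> str:
    """Label a record by the most sensitive identifier it contains."""
    levels = {s for _, s, _ in inventory_pii(text)}
    return "sensitive" if "sensitive" in levels else ("direct" if levels else "none")

# Constructed sample log lines, not real data.
SAMPLE_LOG = [
    "2024-05-01 INFO signup user=jane.doe@example.com phone=555-123-4567",
    "2024-05-01 WARN kyc-check ssn=123-45-6789 result=match",
    "2024-05-01 INFO healthcheck ok",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "|", mask_pii(line))
```

Regex-based detection produces false positives and misses identifiers in unexpected formats, so treat the inventory as a starting point for classification review, not as proof that a data store is free of PII.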