Personally Identifiable Information


Personally Identifiable Information (PII) is Protected Data that

Personally Identifiable Information, as used in information security, is information that can be used on its own or with other information to identify, contact, or locate a single Natural Person, or to identify a Natural Person in context.

The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal/personally, and identifiable/identifying. Not all abbreviations are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. [2]

What is Personally Identifiable Information?#

Personally Identifiable Information can only be defined within a provided context.

Generally, any Unencrypted electronic information that when used in combination with other information, can Identity an individual. Typically this is interpreted as any information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following:

  • Social Security Number (SSN).
  • Drivers license number or State-issued Identification Card] number.
  • Financial Data account number, Bank Card Number, or Medical ID Card in combination with any required security code, access code, or password such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
  • Patient Data (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a Health Care Provider)
  • Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the Natural Person, or any information in an individual’s application and claims history, including any appeals records)

Personally Identifiable Information is regulated by many Government and other organizations.

NIST Guide#

NIST.SP.800-122 is a document aimed at Federal Agencies but is also considered the reference for industry.

ISO 19944#

Personally Identifiable Information is any information that

Personally Identifiable Information Risk#

The Data Security Impact for Personally Identifiable Information Risk is defined in FIPS 199

More Information#

There might be more information for this subject on one of the following: