!!! Overview[1]
Any discussion of PII requires some [context].
Generically, [{$pagename}] ([PII]) is [data] that can be used to perform [Identification], either alone or when combined with other [{$pagename}] that within a specific [Context] provide a specific [Digital Identity] from the [Anonymity Set].
Within some contexts [{$pagename}] ([PII]) is [Protected Data] that
* can be used to identify the [Natural Person] to whom such information relates
* might be directly or via [Identity Correlation] to a [Natural Person] to whom such information relates.
[{$pagename}], as used in [Information security], is [data] that can be used on its own or with other [data] to identify, contact, or locate a single [Natural Person], or to identify a [Natural Person] in [context].
The abbreviation [PII] is widely accepted, but the phrase it abbreviates has four common variants based on personal/personally, and identifiable/identifying. Not all abbreviations are equivalent, and for [legal] purposes the effective definitions vary depending on the [jurisdiction] and the purposes for which the term is being used. [2]
!! What is [{$pagename}]?
[{$pagename}] can only be defined within a provided [context].
Generally, any Unencrypted electronic information that when used in combination with other information, can Identity an individual.
Typically this is interpreted as any information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following:
* [Social Security Number] ([SSN]).
* Drivers license number or State-issued Identification Card] number.
* [Financial Data] account number, [Bank Card Number], or [Medical ID Card] in combination with any required security code, access code, or [password] such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
* [Patient Data] (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a [Health Care Provider])
* Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the [Natural Person], or any information in an individual’s application and claims history, including any appeals records)
[{$pagename}] is regulated by many [Government and other organizations|IDM Related Compliance Items].
!! [NIST] Guide
[NIST.SP.800-122] is a document aimed at Federal Agencies but is also considered the reference for industry.
!! [ISO 19944]
[{$pagename}] is any information that
* a) can be used to [identify|Identification] the [PII principal|Data subject] (3.18) to whom such information relates. or
* b) is or might be directly or indirectly linked to a [PII principal|Data subject]
!! [{$pagename}] [Risk]
The [Data Security Impact] for [{$pagename}] [Risk] is defined in [FIPS 199]
!! [United States Supreme Court] and [{$pagename}]
"In Cox Broadcasting v. Cohen, 420 U.S. 469 (1975), the Supreme Court of the United States held that the [First Amendment to the Constitution|Amendment I] prohibits states from imposing a penalty on ... for publishing accurate information obtained from a public court record."
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect Core 1.0 incorporating errata set 1|https://openid.net/specs/openid-connect-core-1_0.html|target='_blank'] - based on 2016-09-10
* [#2] - [http://en.wikipedia.org/wiki/Personally_identifiable_information|http://en.wikipedia.org/wiki/Personally_identifiable_information|target='_blank'] - based on 2013-04-17
* [#3] - [§ 200.79 [Personally Identifiable Information (PII)|https://www.law.cornell.edu/cfr/text/2/200.79|target='_blank'] - based on information obtained 2021-10-11
* [#4] - [Relying on Public Records|https://www.dmlp.org/legal-guide/publication-private-facts|target='_blank'] - based on information obtained 2021-10-11