Overview[1]#
Personally Identifiable Information (PII) is Protected Data that- can be used to identify the Natural Person to whom such information relates
- might be directly or via Identity Correlation to a Natural Person to whom such information relates.
Personally Identifiable Information, as used in information security, is information that can be used on its own or with other information to identify, contact, or locate a single Natural Person, or to identify a Natural Person in context.
The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal/personally, and identifiable/identifying. Not all abbreviations are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used. [2]
What is Personally Identifiable Information?#
Personally Identifiable Information can only be defined within a provided context.Generally, any Unencrypted electronic information that when used in combination with other information, can Identity an individual. Typically this is interpreted as any information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following:
- Social Security Number (SSN).
- Drivers license number or State-issued Identification Card] number.
- Financial Data account number, Bank Card Number, or Medical ID Card in combination with any required security code, access code, or password such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
- Patient Data (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a Health Care Provider)
- Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the Natural Person, or any information in an individual’s application and claims history, including any appeals records)
Personally Identifiable Information is regulated by many Government and other organizations.
NIST Guide#
NIST.SP.800-122 is a document aimed at Federal Agencies but is also considered the reference for industry.ISO 19944#
Personally Identifiable Information is any information that- a) can be used to identify the PII principal (3.18) to whom such information relates. or
- b) is or might be directly or indirectly linked to a PII principal
Personally Identifiable Information Risk#
The Data Security Impact for Personally Identifiable Information Risk is defined in FIPS 199More Information#
There might be more information for this subject on one of the following:- API Registry
- API-Gateway
- Birthday
- Blinding Identity Taxonomy
- Centralized Exchange
- Claim
- Data Classification
- Data Processing Agreement
- Data anonymization
- Drivers Privacy Protection Act
- Electronic Health Record
- Electronic Medical Record
- Fair Information Practices
- Family Educational Rights and Privacy Act
- General Data Protection Regulation
- Graded Authentication
- Legitimacy of Social Login
- Medicare Beneficiary Identifier
- NIST.SP.800-122
- PCI DATA
- PII
- Personal data
- Pretexting
- Privacy Considerations Distributed Ledger Technology
- Privacy Policy
- Private data
- Protected Data
- Protected Health Information
- Public Wi-Fi
- Smishing
- Unique Health IDentifier
- United States Privacy Act
- Vishing
- Zero Trust
- [#1] - OpenID Connect Core 1.0 incorporating errata set 1
- based on 2016-09-10
- [#2] - http://en.wikipedia.org/wiki/Personally_identifiable_information - based on 2013-04-17