Don't miss an insight. Subscribe to Techopedia for free.

Subscribe
Advertisements

Personally Identifiable Information

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…

Full Bio
View our Editorial Policy
Editor
checkmark
Editor
Last updated:

What Does Personally Identifiable Information Mean?

Personal Identifiable Information (PII) is a label used to describe data that directly or indirectly identifies a specific individual.

Advertisements

Examples of PII include names, addresses, biometrics and alphanumeric account numbers.

  • Name — includes full names, maiden names, mother‘s maiden names, nicknames and aliases.
  • Address — includes street addresses, email addresses, IP addresses and MAC addresses.
  • Biometrics — includes photographs, x-rays and other types of bio-based data such as fingerprints.
  • Alphanumeric account numbers — includes telephone numbers, driver‘s license numbers, taxpayer IDs, patient IDs, vehicle registration numbers and credit card numbers.

In many parts of the world, personally identifiable data has to be collected, stored and destroyed in accordance with compliance rules and regulations. Because non-PII can easily become PII if additional information is made publicly available, this type of data should be periodically reviewed to determine whether its IT risk management level has changed.

Risk impact levels (low, medium, high) for PII are subjective and based on the potential harm that inappropriate access, use or disclosure of the personally identifiable information would cause. The likelihood of risk is greatly reduced if an organization minimizes the amount of PII it collects, stores and shares.

Techopedia Explains Personally Identifiable Information

PII breaches can be dangerous to both individuals and businesses. Individuals whose PII is compromised raise the risk of identity theft. Businesses that allow their customers’ PII to be compromised raise the risk of losing the public’s trust and facing legal repercussions. Because PII is protected by privacy regulations, decisions about what PII to collect or share should be made in consultation with an organization’s Chief Privacy Officer (CPO), Data Protection Officer (DPO) and legal team.

In many parts of the world, businesses are responsible for ensuring that their customer’s PII is protected by reasonable safeguards. Risks to exposure can be contained and minimized by proactively creating an incident response plan for PII breaches. The plan should address how and to whom breaches will be reported, as well as when and how individuals whose PII has been compromised will be notified.

Legal mandates regarding PII can be complex and often change incrementally over time. This is why it's important for an organization to review and update their incident response plans on a regular basis. Minimally, a plan for protecting PII should ensure the following:

  • PII will only used by or disclosed to authorized entities.
  • PII will be destroyed at the appropriate time in compliance with regional record retention requirements.
  • Information security controls for protecting PII will be reviewed on a regular schedule.
  • PII in digital formats will be encrypted or obfuscated in some other manner to protect it from cybersecurity threats.
Advertisements

Related Terms

Related Reading

Tags

Trending Articles

Blockchain
How ChatGPT is Revolutionizing Smart Contract and Blockchain
Blockchain
An Introduction to Blockchain Technology
Blockchain
How Do Cryptocurrencies Work?
Healthcare IT
AI in Healthcare: Identifying Risks & Saving Money
Advertisements