Protecting PII: Examples, laws, and standards

PII definition: What is personally identifiable information?

PII, or personally identifiable information, is any piece of data that someone could use to figure out who you are. Some types of PII are obvious, such as your name or Social Security number, but others are more subtle—and some data points only become PII when analyzed in combination with one another.

The United States General Services Administration uses a fairly succinct and easy-to-understand definition of PII:

The term “PII” ... refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available—in any medium and from any source—that, when combined with other available information, could be used to identify an individual.

To read this article in full, please click here