Personally Identifiable Information (PII)

Personally Identifiable Information or PII can be considered Sensitive Personal Information (SPI) or non-sensitive personal information. PII can be used alone or in combination with other information to identify, contact, or locate a person. Personally Identifiable Information or PII is any data that could potentially identify specific individual. Any information that can be used to distinguish one person from another and can be used to de-anonymize anonymous data or person can be considered PII.

The PII abbreviation is widely accepted in the US, but Personally Identifiable Information  has four common variants based on personal / personally, and identifiable / identifying.

Sensitive PII is information which, when disclosed, could result in harm to the individual whose privacy has been breached. Non-sensitive PII can be easily collected from publicly available records, phone books, corporate directories and websites.

In order to ensure privacy, businesses which collect PII in the course of their business should encrypt Sensitive PII in transit, databases or at rest, and on backup tapes. Non-sensitive PII is information that does not need to be encrypted because its disclosure does not pose a risk to the person.

One other issue to point out before you read the list of PII is that access to PII must be approved, appropriate, and reviewed periodically.

 

Personally Identifiable Information List

Sensitive PII which may individually or collectively with other PII identify, contact or locate a person may include any of the following:

  • First or last name,
  • Social security number or national ID number
  • Taxpayer info,
  • Date and place of birth,
  • Home phone number,
  • Home address,
  • Education, training, courses taken, and scores,
  • Disciplinary actions,
  • Grant information,
  • Loan information,
  • Payment history,
  • Student tuition info,
  • Work experience,
  • Job description,
  • Work benefit info,
  • Rent information,
  • Home title and mortgage info,
  • Passwords and pass codes,
  • Gender,
  • Citizenship,
  • nationality, race or ethnicity,
  • Visa information,
  • Payroll information,
  • Performance reviews,
  • Mother's maiden name,
  • Email (if private from an association/club membership, etc.)
  • IP address
  • Biometric records, digital identity, and genetic data
  • Vehicle Identification Number,
  • Driver’s license number,
  • Credit card number,
  • Age,
  • Marital status,
  • Salary,
  • Other demographic,
  • Financial information,
  • Medical, health and prescription information,
  • Certificate or license numbers,
  • Device identification or serial numbers,
  • Web URLs,
  • Face photographs and images,
  • login name or  screen name,
  • Name of the school attended, 
  • Work and workplace history,
  • Grades, salary, or job position,
  • Criminl records,
  • Web cookies,
  • Other names used,
  • Cell telephone numbers,
  • Personal email address,
  • Religious preference,
  • Security clearance,
  • Mother's middle and maiden names,
  • Spouse information, marital status, child information, emergency contact information,
  • Child adoption info,
  • Disability information,
  • Law enforcement information, 
  • Employment information, 
  • Income history,
  • Credit reports, scores and ratings,
  • Account balances,
  • ACH numbers, and
  • Military records.

Examples of non-sensitive PII include, but are not limited to:

  • Office location,
  • Business telephone number,
  • Business email address,
  • Work badge number, and
  • Other information that is releasable to the public.

Identity Management Certifications

Identity Theft Courses