personally identifiable information (PII)

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and to de-anonymize anonymous data can be considered PII.

PII can be sensitive or non-sensitive. Non-sensitive PII is information that can be transmitted in an unencrypted form without resulting in harm to the individual. Non-sensitive PII can be easily gathered from public records, phone books, corporate directories and websites.

Sensitive PII is information that, when disclosed, could result in harm to the individual whose privacy has been breached. Sensitive PII should therefore be encrypted both in transit and at rest. Such information includes biometric information, medical information, personally identifiable financial information (PIFI) and unique identifiers such as passport or Social Security numbers.

This was last updated in January 2014

Join the conversation


The distinction between sensitive and non-sensitive PII is helpful. Is it a generalization (e.g., all phone numbers are non-sensitive because they're found in phone books), or is it tailored to each person (e.g., the numbers included in phone books are non-sensitive, but unlisted numbers are sensitive)?
Unlisted and unpublished numbers are sensitive.

