Personally Identifiable Information (PII)
PII is any information about an individual maintained by an agency, including:
- any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and
- any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
PII whose disclosure could result in harm to the individual whose name or identity is linked to that information. Examples include, but are not limited to, SSN; credit card number; bank account number; residential address; residential or personal telephone; biometric identifier (image, fingerprint, iris, etc.); date of birth; place of birth; mother’s maiden name; criminal records; medical records; and financial records. The conjunction of one data element with one or more additional elements increases the level of sensitivity and/or propensity to cause harm in the event of compromise.
PII whose disclosure cannot reasonably be expected to result in personal harm. Examples include first/last name; e-mail address; business address; business telephone; and general education credentials that are not linked to or associated with any protected PII.