Under privacy laws, Personally Identifiable Information (PII) refers to information that can be used on its own, or combined with other information, to identify, locate, or contact an individual. The Guide to Protecting the Confidentiality of Personally Identifiable Information, published by the United States’ National Institute of Standards and Technology (NIST), defines PII as “information such as a name, social security number, and biometric records usable in distinguishing or tracing individual identity.”
Because of its delicate nature, sensitive PII must be secured both when it is stored and when it is transmitted, and that security typically comes by way of encryption. Non-sensitive PII, on the other hand, is subject to relaxed rules, so there are no stringent requirements governing how it is handled.
What Qualifies as PII?
The ensuing question is: which categories of information are classified as PII? This distinction matters to companies and internet users alike, because it helps them work out which classes of data carry stringent storage, security, or compliance requirements.
A close reading of the NIST PII Guide makes it clear that the following types of data qualify as PII because they unequivocally help to identify and distinguish humans:
Clear Identifiers: Full name (if not common), face, home address, email, ID number, passport number, driver’s license, vehicle plate number, fingerprint or handwriting, digital identity, credit card number, date of birth, birthplace, genetic information, and phone number.
Quasi Identifier/Pseudo Identifier: This is information that, when combined with other information, can be used to identify humans. It includes gender, zip code, and date of birth.
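The following added example (not part of the original page) shows why quasi identifiers are treated as PII: it counts how many records in a data set are singled out by gender, zip code and date of birth, alone and in combination, and how coarsening the values reduces that. The records are constructed, the function names are hypothetical, and the smallest-group measure used here is commonly called k-anonymity, a term the page itself does not use.

```python
from collections import Counter

# Constructed sample records (not real people); direct identifiers already removed.
RECORDS = [
    {"gender": "F", "zip": "02138", "dob": "1984-03-12"},
    {"gender": "F", "zip": "02139", "dob": "1984-07-30"},
    {"gender": "M", "zip": "02138", "dob": "1984-03-12"},
    {"gender": "M", "zip": "02141", "dob": "1984-10-01"},
    {"gender": "F", "zip": "02139", "dob": "1990-11-02"},
    {"gender": "F", "zip": "02142", "dob": "1990-01-15"},
    {"gender": "M", "zip": "02141", "dob": "1990-05-09"},
    {"gender": "M", "zip": "02142", "dob": "1990-05-21"},
]

QUASI_IDENTIFIERS = ("gender", "zip", "dob")


def group_sizes(records, columns):
    """Count how many records share each combination of the given columns."""
    return Counter(tuple(r[c] for c in columns) for r in records)


def unique_records(records, columns):
    """Number of records whose column combination appears exactly once."""
    sizes = group_sizes(records, columns)
    return sum(1 for r in records if sizes[tuple(r[c] for c in columns)] == 1)


def k_anonymity(records, columns):
    """Size of the smallest group; k == 1 means someone is singled out."""
    return min(group_sizes(records, columns).values())


def generalize(record):
    """Coarsen values: keep a 3-digit zip prefix and only the birth year."""
    return {
        "gender": record["gender"],
        "zip": record["zip"][:3] + "**",
        "dob": record["dob"][:4],
    }


if __name__ == "__main__":
    for cols in (("gender",), ("zip",), ("gender", "zip"), QUASI_IDENTIFIERS):
        print(cols, "unique:", unique_records(RECORDS, cols),
              "k:", k_anonymity(RECORDS, cols))
    coarse = [generalize(r) for r in RECORDS]
    print("generalized k:", k_anonymity(coarse, QUASI_IDENTIFIERS))
```

Run against a real export, a result of k = 1 on the quasi-identifier columns means the data should be handled as PII even though no name or ID number is present.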