Personally identifiable information
Encyclopedia
Personally Identifiable Information (PII), as used in information security
, is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.
Although the concept of PII is ancient, it has become much more important as information technology
and the Internet
have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk
or steal the identity
of a person, or to plan a person's murder
or robbery
, among other crimes. As a response to these threats, many website privacy policies
specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII.
The following are less often used to distinguish individual identity, because they are traits shared by many people.
However, they are potentially PII, because they may be combined with other personal information to identify an individual.
When a person wishes to remain anonymous, descriptions of them will often employ several of the above, such as "a 34-year-old white male who works at Target
". Note that information can still be private, in the sense that a person may not wish for it to become publicly known, without being personally identifiable. Moreover, sometimes multiple pieces of information, none sufficient by itself to uniquely identify an individual, may uniquely identify a person when combined; this is one reason that multiple pieces of evidence are usually presented at criminal trials. It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code
, and full date of birth.
A term similar to PII, "personal data" is defined in EU directive 95/46/EC, for the purposes of the directive:
Another term similar to PII, "personal information" is defined in a section of the California data breach notification law, SB1386:
The concept of information combination given in the SB1386 definition is key to correctly distinguishing PII, as defined by OMB, from "personal information", as defined by SB1386. Information, such as a name, that lacks context cannot be said to be SB1386 "personal information", but it must be said to be PII as defined by OMB. For example, the name John Smith has no meaning in the current context and is therefore not SB1386 "personal information", but it is PII. A Social Security Number
(SSN) without a name or some other associated identity or context information is not SB1386 "personal information", but it is PII. For example, the SSN 078-05-1120 by itself is PII, but it is not SB1386 "personal information". However the combination of a valid name with the correct SSN is SB1386 "personal information".
The combination of a name with a context may also be considered PII; for example, if a persons' name is on a list of patients for an HIV clinic. However, it is not necessary for the name to be combined with a context in order for it to be PII. The reason for this distinction is that bits of information such as names, although they may not be sufficient by themselves to make an identification, may later be combined with other information to identify persons and expose them to harm.
According to the OMB, it is not always the case that PII is "sensitive", and context may be taken into account in deciding whether certain PII is or is not sensitive.
(HIPAA), is to protect a patient's PII. The U.S. Senate proposed the Privacy Act of 2005, which attempted to strictly limit the display, purchase, or sale of PII without the person's consent. Similarly, the (proposed) Anti-Phishing Act of 2005
attempted to prevent the acquiring of PII through phishing
.
U.S. lawmakers have paid special attention to the social security number
because it can be easily used to commit identity theft
. The (proposed) Social Security Number Protection Act of 2005 and (proposed) Identity Theft Prevention Act of 2005 each sought to limit the distribution of an individual's social security number.
On the other hand, many businesses see this increasing load of legislation as excessive, an unnecessary expense, and a barrier to progress. The increasing complexity of the laws might force companies to consult a lawyer just to engage in simple business practices such as server logging, user registration, and credit checks. Some have predicted such measures may inhibit the industry as a whole, lowering wages and creating a barrier to entry. For this reason, a number of privacy laws stress the "acceptable uses" of PII, such as Massachusetts' Public Records Law and Fair Information Practices Act.
State Laws and Significant Court Rulings
Proposed Federal Bills
Federal Law
Further examples can be found on the EU privacy website
, the tracking down of the identity of a criminal, personally identifiable information is critical in zeroing in on the subject. Criminals will go to great trouble to avoid leaving any PII; they wear masks (faces and hair are PII), gloves (fingerprints are PII), clothing that covers personal marks (tattoos and scars are PII) and avoid writing anything in their own handwriting (handwriting can be PII). Also, more modern 'masks' may be used, such as using a proxy IP address
to avoid being tracked online as easily.
(DoD) has strict policies controlling release of PII of DoD personnel. Many intelligence agencies
have similar policies, sometimes to the point where employees do not disclose to their friends that they work for the agency.
Similar identity protection concerns exist for witness protection
programs, women's shelter
s, and victims of domestic violence and other threats.
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
, is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.
Although the concept of PII is ancient, it has become much more important as information technology
Information technology
Information technology is the acquisition, processing, storage and dissemination of vocal, pictorial, textual and numerical information by a microelectronics-based combination of computing and telecommunications...
and the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk
Stalking
Stalking is a term commonly used to refer to unwanted and obsessive attention by an individual or group to another person. Stalking behaviors are related to harassment and intimidation and may include following the victim in person and/or monitoring them via the internet...
or steal the identity
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
of a person, or to plan a person's murder
Murder
Murder is the unlawful killing, with malice aforethought, of another human being, and generally this state of mind distinguishes murder from other forms of unlawful homicide...
or robbery
Robbery
Robbery is the crime of taking or attempting to take something of value by force or threat of force or by putting the victim in fear. At common law, robbery is defined as taking the property of another, with the intent to permanently deprive the person of that property, by means of force or fear....
, among other crimes. As a response to these threats, many website privacy policies
Privacy policy
Privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data...
specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII.
Examples
The following data, often used for the express purpose of distinguishing individual identity, clearly class as PII under the definition used by the U.S. Office of Management and Budget (described in detail below):- Full name (if not common)
- National identification numberNational identification numberA national identification number, national identity number, or national insurance number is used by the governments of many countries as a means of tracking their citizens, permanent residents, and temporary residents for the purposes of work, taxation, government benefits, health care, and other...
- IP addressIP addressAn Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
(in some cases) - Vehicle registration plateVehicle registration plateA vehicle registration plate is a metal or plastic plate attached to a motor vehicle or trailer for official identification purposes. The registration identifier is a numeric or alphanumeric code that uniquely identifies the vehicle within the issuing region's database...
number - Driver's licenseDriver's licenseA driver's license/licence , or driving licence is an official document which states that a person may operate a motorized vehicle, such as a motorcycle, car, truck or a bus, on a public roadway. Most U.S...
number - Face, fingerprintFingerprintA fingerprint in its narrow sense is an impression left by the friction ridges of a human finger. In a wider use of the term, fingerprints are the traces of an impression from the friction ridges of any part of a human hand. A print from the foot can also leave an impression of friction ridges...
s, or handwritingHandwritingHandwriting is a person's particular & individual style of writing with pen or pencil, which contrasts with "Hand" which is an impersonal and formalised writing style in several historical varieties... - Credit card numbers
- Digital identityDigital identityDigital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things...
- Date of birth
- Birthplace
- Genetic informationGeneticsGenetics , a discipline of biology, is the science of genes, heredity, and variation in living organisms....
The following are less often used to distinguish individual identity, because they are traits shared by many people.
However, they are potentially PII, because they may be combined with other personal information to identify an individual.
- First or last name, if common
- Country, state, or city of residence
- Age, especially if non-specific
- GenderGenderGender is a range of characteristics used to distinguish between males and females, particularly in the cases of men and women and the masculine and feminine attributes assigned to them. Depending on the context, the discriminating characteristics vary from sex to social role to gender identity...
or race - Name of the school they attend or workplace
- Grades, salary, or job position
- Criminal recordCriminal recordA criminal record is a record of a person's criminal history, generally used by potential employers, lenders etc. to assess his or her trustworthiness. The information included in a criminal record varies between countries and even between jurisdictions within a country...
When a person wishes to remain anonymous, descriptions of them will often employ several of the above, such as "a 34-year-old white male who works at Target
Target Corporation
Target Corporation, doing business as Target, is an American retailing company headquartered in Minneapolis, Minnesota. It is the second-largest discount retailer in the United States, behind Walmart. The company is ranked at number 33 on the Fortune 500 and is a component of the Standard & Poor's...
". Note that information can still be private, in the sense that a person may not wish for it to become publicly known, without being personally identifiable. Moreover, sometimes multiple pieces of information, none sufficient by itself to uniquely identify an individual, may uniquely identify a person when combined; this is one reason that multiple pieces of evidence are usually presented at criminal trials. It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code
ZIP Code
ZIP codes are a system of postal codes used by the United States Postal Service since 1963. The term ZIP, an acronym for Zone Improvement Plan, is properly written in capital letters and was chosen to suggest that the mail travels more efficiently, and therefore more quickly, when senders use the...
, and full date of birth.
In privacy law
The U.S. government used the term "personally identifiable" in 2007 in a memorandum from the Executive Office of the President, Office of Management and Budget (OMB), and that usage now appears in US standards such as the NIST Guide to Protecting the Confidentiality of Personally Identifiable Information (SP 800-122). The OMB memorandum defines PII as follows:- Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
A term similar to PII, "personal data" is defined in EU directive 95/46/EC, for the purposes of the directive:
- Article 2a: 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
Another term similar to PII, "personal information" is defined in a section of the California data breach notification law, SB1386:
- (e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (f) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
The concept of information combination given in the SB1386 definition is key to correctly distinguishing PII, as defined by OMB, from "personal information", as defined by SB1386. Information, such as a name, that lacks context cannot be said to be SB1386 "personal information", but it must be said to be PII as defined by OMB. For example, the name John Smith has no meaning in the current context and is therefore not SB1386 "personal information", but it is PII. A Social Security Number
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
(SSN) without a name or some other associated identity or context information is not SB1386 "personal information", but it is PII. For example, the SSN 078-05-1120 by itself is PII, but it is not SB1386 "personal information". However the combination of a valid name with the correct SSN is SB1386 "personal information".
The combination of a name with a context may also be considered PII; for example, if a persons' name is on a list of patients for an HIV clinic. However, it is not necessary for the name to be combined with a context in order for it to be PII. The reason for this distinction is that bits of information such as names, although they may not be sufficient by themselves to make an identification, may later be combined with other information to identify persons and expose them to harm.
According to the OMB, it is not always the case that PII is "sensitive", and context may be taken into account in deciding whether certain PII is or is not sensitive.
United States of America
Recently lawmakers have paid a great deal of attention to protecting a person's PII. One of the primary focuses of the Health Insurance Portability and Accountability ActHealth Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 was enacted by the U.S. Congress and signed by President Bill Clinton in 1996. It was originally sponsored by Sen. Edward Kennedy and Sen. Nancy Kassebaum . Title I of HIPAA protects health insurance coverage for workers and their...
(HIPAA), is to protect a patient's PII. The U.S. Senate proposed the Privacy Act of 2005, which attempted to strictly limit the display, purchase, or sale of PII without the person's consent. Similarly, the (proposed) Anti-Phishing Act of 2005
Anti-Phishing Act of 2005
The Anti-Phishing Act of 2005 was a United States bill to combat phishing and pharming...
attempted to prevent the acquiring of PII through phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
.
U.S. lawmakers have paid special attention to the social security number
Social Security number
In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary residents under section 205 of the Social Security Act, codified as . The number is issued to an individual by the Social Security Administration, an independent...
because it can be easily used to commit identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
. The (proposed) Social Security Number Protection Act of 2005 and (proposed) Identity Theft Prevention Act of 2005 each sought to limit the distribution of an individual's social security number.
On the other hand, many businesses see this increasing load of legislation as excessive, an unnecessary expense, and a barrier to progress. The increasing complexity of the laws might force companies to consult a lawyer just to engage in simple business practices such as server logging, user registration, and credit checks. Some have predicted such measures may inhibit the industry as a whole, lowering wages and creating a barrier to entry. For this reason, a number of privacy laws stress the "acceptable uses" of PII, such as Massachusetts' Public Records Law and Fair Information Practices Act.
State Laws and Significant Court Rulings
- California
- The California state constitution declares privacy an inalienable right in Article 1, Section 1.
- California Online Privacy Protection Act(OPPA) of 2003Online Privacy Protection ActThe California Online Privacy Protection Act of 2003 , effective as of July 1, 2004, is a California State Law. According to this law, operators of commercial websites that collect personally identifiable information from California's residents are required to conspicuously post and comply with a...
- SB 1386SB 1386SB1386, amending civil codes 1798.29, 1798.82 and 1798.84 is a California law regulating the privacy of personal information. The law was introduced by California State Senator Peace on February 12, 2002, and became operative July 1, 2003....
requires organizations to notify individuals when PII is known or believed to be acquired by an unauthorized person. - In 2011, the California State Supreme Court ruled that a person's ZIP code is PII.
- Nevada
- Nevada Revised Statutes 603A-Security of Personal Information
- Massachusetts
- 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth
Proposed Federal Bills
- Consumer Privacy Protection Act of 2005
- Information Protection and Security Act
- Identity Theft Prevention Act of 2005
- Online Privacy Protection Act of 2005
- Privacy Act of 2005
- Wireless 411 Privacy Act
Federal Law
- Title 18 of the United States Code, section 1028d(7)
- US "Safe Harbor" Rules (EU Harmonisation)
European Union (member states)
- Article 8 of the European Convention on Human Rights
- Directive 95/46/EC (Data Protection Directive)
- Directive 2002/58/EC (the E-Privacy Directive)
- Directive 2006/24/EC Article 5 (The Data Retention Directive)
Further examples can be found on the EU privacy website
United Kingdom & Ireland
- The UK Data Protection Act 1998
- The Irish Data Protection Acts 1998 and 2003
- Article 8 of the European Convention on Human Rights
- The UK Regulation of Investigatory Powers Act 2000
- Employers' Data Protection Code of Practice
- Model Contracts for Data Exports
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- The UK Interception of Communications (Lawful Business Practice) Regulations 2000
- The UK Anti-Terrorism, Crime & Security Act 2001
- The UK Privacy & Electronic Communications (EC Directive) Regulations 2003
Forensics
In forensicsForensics
Forensic science is the application of a broad spectrum of sciences to answer questions of interest to a legal system. This may be in relation to a crime or a civil action...
, the tracking down of the identity of a criminal, personally identifiable information is critical in zeroing in on the subject. Criminals will go to great trouble to avoid leaving any PII; they wear masks (faces and hair are PII), gloves (fingerprints are PII), clothing that covers personal marks (tattoos and scars are PII) and avoid writing anything in their own handwriting (handwriting can be PII). Also, more modern 'masks' may be used, such as using a proxy IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
to avoid being tracked online as easily.
Personal safety
In some professions, it is dangerous for a person's identity to become known, because this information might be exploited violently by their enemies; for example, their enemies might hunt them down or kidnap loved ones to force them to cooperate. For this reason, the United States Department of DefenseUnited States Department of Defense
The United States Department of Defense is the U.S...
(DoD) has strict policies controlling release of PII of DoD personnel. Many intelligence agencies
Intelligence agency
An intelligence agency is a governmental agency that is devoted to information gathering for purposes of national security and defence. Means of information gathering may include espionage, communication interception, cryptanalysis, cooperation with other institutions, and evaluation of public...
have similar policies, sometimes to the point where employees do not disclose to their friends that they work for the agency.
Similar identity protection concerns exist for witness protection
Witness protection
Witness protection is protection of a threatened witness or any person involved in the justice system, including defendants and other clients, before, during and after a trial, usually by police...
programs, women's shelter
Women's shelter
A women's shelter is a place of temporary refuge and support for women escaping violent or abusive situations, such as rape, and domestic violence....
s, and victims of domestic violence and other threats.
See also
- AnonymityAnonymityAnonymity is derived from the Greek word ἀνωνυμία, anonymia, meaning "without a name" or "namelessness". In colloquial use, anonymity typically refers to the state of an individual's personal identity, or personally identifiable information, being publicly unknown.There are many reasons why a...
- Personal identifier
- Personal identity (philosophy)
- PseudonymityPseudonymityPseudonymity is a word derived from pseudonym, meaning 'false name', and anonymity, meaning unknown or undeclared source, describing a state of disguised identity. The pseudonym identifies a holder, that is, one or more human beings who possess but do not disclose their true names...
External links
- Security Guidelines and Best Practices Office of Information Technology PII
- A History of Privacy Issues: Personally Identifiable Information. Discusses privacy issues of the P-Trak system.
- Network Advertising Initiative. An internet advertising industry group defining guidelines to protect privacy, definitions of PII.