PII

What is Personally Identifiable Information?

Personal data

Personal data is any information that can be used to directly (PII) or indirectly (non-PII) identify a specific individual. This includes information that is factual or subjective, and can relate to a person’s physical, mental, social, economic or cultural identity.

Data protection regulations such as GDPR, HIPAA, or CCPA mandate that organizations that collect, store, or process personal data (PII and non-PII) must take appropriate steps to ensure its privacy and security. This includes implementing security measures to prevent data breaches and unauthorized access to personal data, notifying individuals in the event of a data breach, and providing individuals with the ability to access, modify, or delete their personal data.

What is PII?

Personally Identifiable Information

PII stands for Personally Identifiable Information. It is any personal information that can be used to directly identify a specific individual, which is why PII is considered highly sensitive and confidential. In datasets and databases, PII typically acts as an identifier, for example to preserve foreign key relations.

  • PII: personal information that can be used to directly identify individuals and that typically acts as an identifier, for example to preserve foreign key relations.

Here are some examples of Personally Identifiable Information (PII):

  • Full name
  • Address
  • Social Security number
  • Date of birth
  • Driver’s license number
  • Passport number
  • Financial information (bank account number, credit card number, etc.)
  • Email address
  • Phone number
  • Educational information (transcripts, academic records, etc.)
  • IP address

This is not an exhaustive list, but it gives you an idea of the types of information that are considered PII and should be protected to ensure the privacy and security of individuals.

What is non-PII?

Non-PII stands for Non-Personally Identifiable Information. It refers to any personal information that can be used to identify a specific individual indirectly. Non-PII is considered sensitive, especially in combination with other non-PII variables, because a combination of 3 non-PII variables makes it easy to identify individuals. Non-PII can be used to analyse patterns and trends, which can help organizations make informed decisions about their products, services, and strategies.

  • Non-PII: individuals can be identified only through combinations of non-PII. Non-PII can be valuable to organizations for analytics to find trends, patterns, and insights.

According to privacy regulations, organizations are expected to handle personal data, which includes both PII and non-PII, in a responsible and ethical manner, and to ensure that it is not used in ways that could harm individuals or violate their privacy.

Here are some examples of non-PII (Non-Personally Identifiable Information):

  • Age
  • Gender
  • Occupation
  • Zip codes or regions
  • Income
  • Patient visit counts
  • Admission/discharge dates
  • Medical diagnosis
  • Medication
  • Transactions
  • Type of investment / products
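
The following added example (not part of the original page) measures how combining non-PII columns singles out individuals in a dataset from which direct identifiers have already been removed. The records are constructed, and the column and function names are assumptions chosen for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample records: PII columns (name, e-mail, ...) are already
# dropped; only three non-PII columns from the list above remain.
RECORDS = [
    {"age": 34, "gender": "F", "zip": "1011"},
    {"age": 34, "gender": "M", "zip": "1011"},
    {"age": 34, "gender": "F", "zip": "1012"},
    {"age": 34, "gender": "M", "zip": "1012"},
    {"age": 51, "gender": "F", "zip": "1011"},
    {"age": 51, "gender": "M", "zip": "1011"},
    {"age": 51, "gender": "F", "zip": "1012"},
    {"age": 51, "gender": "M", "zip": "1012"},
]

def group_sizes(records, columns):
    """Count how many records share each combination of values in `columns`."""
    return Counter(tuple(r[c] for c in columns) for r in records)

def k_anonymity(records, columns):
    """Smallest group size: every record hides among at least k records."""
    return min(group_sizes(records, columns).values())

def unique_fraction(records, columns):
    """Share of records that are the only one with their value combination."""
    sizes = group_sizes(records, columns)
    singled_out = sum(1 for r in records
                      if sizes[tuple(r[c] for c in columns)] == 1)
    return singled_out / len(records)

def risk_by_combination_size(records, columns):
    """For each number of combined columns, the worst-case unique fraction."""
    return {
        size: max(unique_fraction(records, combo)
                  for combo in combinations(columns, size))
        for size in range(1, len(columns) + 1)
    }

if __name__ == "__main__":
    cols = ["age", "gender", "zip"]
    for size, risk in risk_by_combination_size(RECORDS, cols).items():
        print(f"{size} column(s) combined: up to {risk:.0%} of records unique")
    print("k-anonymity on all three columns:", k_anonymity(RECORDS, cols))
```

In this constructed dataset no single column or pair of columns isolates anyone, but all three together make every record unique, which is why a release should be checked on the combination rather than column by column.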
