Personally identifiable information (PII) is any digital data that can locate, contact or identify a specific individual, either by itself or combined with other easily accessible information. It includes information that is linked to an individual through financial, medical, educational or employment records.
PII is mainly used in information security (IS) services to search, locate and identify specified individuals.
PII is considered sensitive information that can consist of information such as fingerprints, biometric data, names, telephone numbers, email addresses, passports or social security numbers to identify a certain person.
It does not include public information that is lawfully made available to the general public from federal, state, or local government record. It is up to federal agencies to safeguard personally identifiable and other sensitive information. It should only be accessed on a need-to-know basis and handled with care.
It is important to protect PII and even personal health information (PHI), which also contains certain aspects of PII that relate to the medical field. People are required to sign statements that specifically allow health care providers to access their records or share the information with a person of choice. The data can help when needed but can be dangerous when misused.
If a data breach were to occur, it can be devastating to a company and its employees. Not only would the loss of a reputation for the company be an issue, but also the thousands of people whose data was stolen would be at risk.
It goes without saying that PII data that is transmitted must be secure and encrypted so that outsiders of the organization or company cannot decipher it.