Personally identifiable information—or PII—is critically important data for individuals and businesses, not only because operations rely on many of these data points but there are also significant circumstances for losing it. Of course, to properly protect PII, you need to know what the umbrella term of PII includes.
What Counts as PII?
According to the National Institute of Standards and Technology’s (NIST) Computer Security Resource Center (CSRC) PII includes:
“Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.”
So, let’s say your business had collected data on a user named James Jones. We’ll run through a few examples of what would qualify as James Jones’ PII.
Examining Personally Identifiable Information
In the case of James Jones, your business would be on the hook for losing his data if that data included the following:
- His name
- His address
- His phone number
- His personal identification numbers
- His information that identifies his property
- His personal features
- His asset information
Other Information Can Be Combined to Create PII
Even if you’ve secured all of James Jones’ above information, you may not be off the hook. More data can be identified as PII if combined with other forms, like the following:
- His date and place of birth
- His race
- His religion
- His weight
- His activities
- His geographic location
- His employment history
- His medical data
- His educational history
- His financial data
- His family information
So, if someone were to collect James Jones’ employment history and family information, they now have enough to classify as PII.
PII is Critical to Protect… Are You Prepared?
If not, reach out to Data Net! We can help assess your business’ cybersecurity and data handling habits… and, more importantly, help you correct any issues we find. Give us a call at (760) 466-1200 to get started.