Personally identifiable information

Personally identifiable information (PII) refers to any data that can be used, either alone or in combination with other information, to identify an individual. It is found in ecommerce platforms, mobile apps, healthcare software, enterprise software, and many other places. 

In determining whether a piece of data is PII, context matters.  Some information, such as a zip code, might not be considered PII on its own but becomes PII when combined with other identifiers. In addition, the definition of PII can vary depending on the jurisdiction or the specific regulations governing the data.

Organizations must ensure that PII is encrypted, anonymized, or otherwise secured to prevent unauthorized access. PII is often subject to stringent privacy regulations (for example, GDPR, CCPA, and HIPAA) and must be handled with care to protect individuals' privacy and prevent misuse.

Personally identifiable information typically includes the following categories:

• Direct identifiers: These are pieces of information that can directly identify an individual without the need for additional data
  • Full name
  • Email address
  • Phone number
  • Physical address
  • Social security number (SSN)
  • Passport number
  • Driver's license number
• Indirect identifiers: These are pieces of information that, when combined with other data, can be used to identify an individual
  • Date of birth
  • IP address
  • Geolocation data
  • Login credentials
  • Device identifiers
  • Browser cookies
  • Customer or account IDs
• Sensitive PII: This category includes highly sensitive information that is often protected under specific laws and regulations
  • Biometric data
  • Health information
  • Financial information
  • Genetic information
• Contextual information: In certain cases, non-identifiable data becomes PII if combined with other information
  • Employment information
  • Educational information
  • Purchase history