ELI5: What is Personally Identifiable Information?
Any detail that points back to exactly who you are — like your full name, home address, or birthday. It’s the kind of info on a name tag that belongs only to you.
Definition
Personally Identifiable Information (PII) is any data that can be used to identify, locate, or contact a specific individual, either directly or when combined with other information. PII is the central concern of privacy regulations worldwide (GDPR, CCPA, HIPAA, GLBA). It encompasses obvious identifiers (full name, Social Security Number, passport number) as well as quasi-identifiers that can identify individuals when combined (ZIP code + date of birth + gender).
Key Details
- Direct identifiers: name, SSN, driver’s license number, passport number, biometric data (fingerprints, retinal scans)
- Indirect/quasi-identifiers: date of birth, IP address, device identifiers, location data (whether these identify a person depends on context)
- NIST defines two categories: “Linked PII” (directly identifies) and “Linkable PII” (identifies when combined with other data)
- GDPR’s definition of personal data is broader than the US definition of PII — it includes any information relating to an identifiable person
- Sensitive PII (financial, health, biometric, race/ethnicity, sexual orientation) requires additional protections under most regulations
Connections
- Parent: privacy — PII protection is the central objective of privacy programs
- See also: phi-protected-health-information
- See also: anonymization-vs-pseudonymization