
PII (Personally Identifiable Information)

Tags: GDPR · CCPA · HIPAA

Information that can identify a specific individual, directly or in combination with other data.

Personally Identifiable Information (PII) is data that identifies, contacts, or locates a single person, or that can be combined with other sources to identify an individual. Both direct identifiers (name, SSN, email address) and quasi-identifiers (the well-known ZIP code + date of birth + gender combination) count.
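As an added illustration (not part of the glossary entry), the following Python example shows why quasi-identifiers count as PII: a record can be singled out by the combination of ZIP code, date of birth and gender even though no single field names anyone, and coarsening those fields raises the dataset's k-anonymity. The records, field names and helper names are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (hypothetical people, not real data).
RECORDS = [
    {"name": "A", "zip": "02138", "dob": "1960-07-31", "gender": "F"},
    {"name": "B", "zip": "02139", "dob": "1960-03-12", "gender": "F"},
    {"name": "C", "zip": "02139", "dob": "1985-01-15", "gender": "F"},
    {"name": "D", "zip": "02139", "dob": "1985-01-15", "gender": "F"},
    {"name": "E", "zip": "02140", "dob": "1985-11-30", "gender": "M"},
    {"name": "F", "zip": "02141", "dob": "1985-06-06", "gender": "M"},
]
QUASI_IDS = ("zip", "dob", "gender")  # assumed quasi-identifier columns


def _key(record, quasi_ids):
    return tuple(record[q] for q in quasi_ids)


def equivalence_classes(records, quasi_ids=QUASI_IDS):
    """Count how many records share each quasi-identifier combination."""
    return Counter(_key(r, quasi_ids) for r in records)


def singled_out(records, quasi_ids=QUASI_IDS):
    """Names of records whose quasi-identifier combination is unique (k = 1).
    Anyone holding an external list keyed on these fields can re-identify them,
    so the fields are PII even though none of them names the person alone."""
    classes = equivalence_classes(records, quasi_ids)
    return [r["name"] for r in records if classes[_key(r, quasi_ids)] == 1]


def k_anonymity(records, quasi_ids=QUASI_IDS):
    """Smallest equivalence class size: the dataset is k-anonymous for this k."""
    return min(equivalence_classes(records, quasi_ids).values())


def generalize(record):
    """Coarsen quasi-identifiers to a 3-digit ZIP prefix and birth year only."""
    return {**record, "zip": record["zip"][:3], "dob": record["dob"][:4]}


if __name__ == "__main__":
    print("singled out:", singled_out(RECORDS), "k =", k_anonymity(RECORDS))
    coarse = [generalize(r) for r in RECORDS]
    print("after generalization:", singled_out(coarse), "k =", k_anonymity(coarse))
```

On the constructed data, four of six records are uniquely identifiable by the raw triple; after generalization no record is singled out and the dataset is 2-anonymous.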

Why it matters
Scoping what is and isn't PII dictates which frameworks apply and how much of your system falls inside the regulated boundary.

Related terms

Personal Data (GDPR)
Any information relating to an identified or identifiable natural person (data subject) — Art. 4(1).
PHI (Protected Health Information)
Individually identifiable health information held or transmitted by a HIPAA covered entity or business associate.
Sensitive Personal Information (SPI)
Special category of personal data — health, biometrics, race, religion, sexual orientation, precise geolocation, etc.

Does your program actually cover PII (Personally Identifiable Information)?

Run a free ComplianceIQ audit against GDPR and we'll surface every gap on this — and the other controls auditors flag — with the exact clause references to fix.
