Personally Identifiable Information (PII)
Any information that can identify a specific individual, alone or combined with other data — requiring heightened protection and careful retention.
Personally identifiable information (PII) is any information that can be used to identify a specific individual, either on its own or in combination with other available data. It includes direct identifiers (name, Social Security number, email address), indirect identifiers that identify someone in combination (such as date of birth plus ZIP code), and especially sensitive categories such as health, financial, and biometric data.
Records containing PII carry heightened obligations: stronger access controls, careful retention aligned with privacy law’s storage-limitation principle, and secure disposition. Because holding PII is a liability as well as an asset, data minimization — keeping only what is needed, only as long as needed — is the guiding discipline. An organization can only protect and dispose of PII properly if it knows what personal data it holds and where, which is what a records inventory provides.