Sensitive PII
A subset of personally identifiable information whose loss or unauthorized disclosure could cause an individual substantial harm, embarrassment, or unfairness, warranting heightened safeguards.
Sensitive PII is the high-risk category within personally identifiable information — data that, if exposed, could cause an individual serious harm such as identity theft, discrimination, or reputational damage. Common examples include Social Security and other government numbers, financial account numbers, biometric and genetic data, health and medical information, and details about an individual’s sexual orientation, religion, or criminal history. It also includes ordinary identifiers when paired with a sensitive element, such as a name linked to a diagnosis.
The distinction matters in recordkeeping because Sensitive PII drives stronger controls than routine personal data: tighter access restrictions, encryption, careful handling, and prompt, secure disposition once retention requirements lapse. Misclassifying it as ordinary PII can lead to over-retention and breach exposure, while over-classifying everything dilutes protection where it is truly needed. A records inventory should flag where Sensitive PII lives so that retention schedules, redaction before release, and disposition can be applied accurately and defensibly.