What is Personally Identifiable Information?
By DON CIO Privacy Team - Published, July 15, 2011
The following information is provided to help you better understand what constitutes personally identifiable information (PII). It also explains which PII elements are considered "sensitive" and which "non-sensitive," and the role these categories play when reporting a loss or compromise of PII (i.e., a breach) or when determining whether a Privacy Impact Assessment (PIA) is required for an information technology system.
Context can be very important when determining whether a PII breach is considered high or low risk with regard to the potential for individual harm or identity theft.
PII is defined in DoD 5400.11-R, Department of Defense Privacy Program, May 14, 2007 as:
Information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a social security number; age; military rank; civilian grade; marital status; race; salary; home phone numbers; other demographic, biometric, personnel, medical, and financial information, etc. Such information is also known as personally identifiable information (i.e., information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, including any other personal information which is linked or linkable to a specified individual).
For purposes of determining whether individual notifications would be required after a PII breach, or whether a PIA is required for an IT system that collects PII, PII elements are categorized as either sensitive PII (i.e., information whose loss or compromise could potentially result in harm or identity theft) or non-sensitive PII, also known as Internal Government Operations or business-related PII (i.e., information whose loss or compromise carries minimal to non-existent risk of harm or identity theft). Non-sensitive PII is considered releasable to the public per DoD 5400.11-R (see paragraph C18.104.22.168).
The context of any loss or compromise of PII must be taken into account when determining risk. For example, a list of personnel with office phone numbers would be considered non-sensitive PII. However, if this same list also indicated that these individuals had contracted a terminal disease it would now be considered sensitive PII.
Examples of sensitive PII elements include, but are not limited to:
- Name and other names used;
- Social Security number, full and truncated;
- Driver's license and other identification numbers;
- Citizenship, legal status, gender, race/ethnicity;
- Birth date, place of birth;
- Home and personal cell telephone numbers;
- Personal email address, mailing and home address;
- Religious preference;
- Security clearance;
- Mother's middle and maiden names;
- Spouse information, marital status, child information, emergency contact information;
- Financial information, medical information, disability information;
- Law enforcement information, employment information, educational information; and
- Military records.
Examples of non-sensitive PII elements include, but are not limited to:
- Office location;
- Business telephone number;
- Business email address;
- Badge number; and
- Other information that is releasable to the public.