Universal security and privacy automation
Protect data and manage risk
Analyze conversational chat data
Reduce the time and cost to comply
Self-service without friction or delay
Align data protection and business use
Tailor access controls and data privacy
Flexible, consistent, scalable
Automate actionable compliance steps
Who we integrate with
Our professional services
Power responsible use
From clinical to commercial
Optimize data tests
Open new revenue streams
Realize the potential of the cloud
Protect data from misuse
Transform your data
Opinion and industry insights
An A to Z of the industry
The podcast for data leaders
Press releases, awards, and more
Staying at the cutting edge
The team behind Privitar
A thriving partner ecosystem
Our story, values, and careers
Dedicated customer assistance
The A-Z of Privacy
Personally Identifiable information (PII) relates to information about people, but the scope of the term has changed over time and varies between users. Because of these inconsistencies, it is recommended that this term is not used. Instead, the phrase personal information should be used to denote information relating to individuals, and direct identifiers should be used to denote information that identifies individuals, such as name or account number. Therefore, direct identifiers are personal information, but personal information is not necessarily direct identifiers.
Historically PII was a term used in the US synonymous with direct identifiers (for example name, address, account ID, email and so on). Other data about people that didn’t directly identify them was called non-PII. Over time the potential to identify people using quasi-identifiers has led to the definition of PII being expanded to include quasi-identifiers as well and to mean something closer to the broader terms, personal data or personal information. However this expansion in its use has not been universal, leading to some confusion over its meaning. Modern US laws and guidelines, such as the CCPA, tend not to use the term, favoring personal information instead, which has a broader meaning, analogous to the GDPR definition of personal data.
As NIST state: “The phrase Personally Identifiable Information (PII) is typically used to indicate information that contains identifiers specific to individuals, although there are a variety of definitions for PII in various law, regulation, and agency guidance documents. Because of these multiple different definitions, it is possible to have information that singles out individuals but which does not meet a particular definition of PII. An added complication is that some documents use the phrase PII to denote any information that is attributable to individuals, or information that is uniquely attributable to a specific individual, while others use the term strictly for data that are in fact identifying Because of these inconsistencies, this document avoids the term “personally identifiable information”.
Return to glossary
Our experts are ready to answer your questions and discuss how Privitar’s security and privacy solutions can fuel your efficiency, innovation, and business growth.