Many people wonder about PII (Personally Identifiable Information), and what is considered PII. Recently this conversation was discussed among a number of industry experts and the best answers included the following;
- Geographic subdivisions smaller than a State/Province
- All elements of dates (except year) for dates directly related to an individual
- Telephone and Fax numbers;
- Electronic mail addresses;
- Social security numbers;
- Account numbers;
- Certificate/license numbers;
- Vehicle and serial numbers, including license plate;
- Device identifiers and serial numbers;
- URLs and IP address numbers;
- Biometric identifiers, including finger and voice prints;
- Full face photographic images and any comparable images; and
- Any other unique identifying number, characteristic, or code.
Remember to consider these and other potential data points that will be directly tied to an individual, protecting this information should be highly important to you and your users. Consider implementing strict security and access rules, that will limit the number of people that can have direct access to this data. Limit this to only individuals that need access to the detailed data, sharing only obfuscated and high level data outside your Data teams.
Thanks to all those that were involved with the discussion for clarifying this.