What Is PII, Non-PII, and Personal Data?
Data security becomes more important with each passing year. It’s important to have a good understanding of the terms that both governments and the information security industry use. Understanding these terms will help you lead your organization to comply with today’s regulations as well as whatever new regulations are coming down the pike. Today we’ll define three major terms: personally identifiable information, non-personally identifiable information, and personal data.
Personally Identifiable Information (PII)
Personally identifiable information, or PII, is information that organizations may hold on individuals that can be tied to the individuals’ identities. The National Institute of Standards and Technology provides a legal definition for the USA:
PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
PII comes in two varieties. Linked information is the more sensitive variety. Anything that can by itself be used as an identifier is considered linked information. Social security numbers, driver’s license numbers, full names, and physical addresses are all examples of linked information.
Linkable information is the second category. Linkable information can’t do much on its own, but it becomes powerful when linked with other pieces of information. ZIP code, race, age range, and job information are all examples of linkable information.
Non-Personally Identifiable Information (Non-PII)
Non-personally identifiable information, or non-PII, is information that doesn’t fall into the above categories. All sorts of information fall into this category. In the digital world, IP addresses, cookies, and device IDs are considered non-PII, since (unlike what you see on TV) these pieces of information can’t be used to identify an individual.
Personal data sounds like a casual way to describe the above, but it’s more than that. Personal data is a term used in Europe that is roughly equivalent to PII. Euro-centric publications won’t tend to use the term PII unless discussing something explicitly American. Many of the same principles of PII apply to personal data, but there are some further ramifications that are important to know.
As the USA does with PII, the EU has a specific definition for personal data, defined in GDPR as this:
Article 4(1): ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A Crucial Difference Between PII and Personal Data
One of the most crucial differences between the NIST’s definition of PII and GDPR’s definition of personal data is this: GDPR concludes that even cookies, IP addresses, and “other identifiers such as radio frequency identification tags” can be personal data, especially when combined with other unique identifiers.
In short, the EU’s GDPR guidelines are more restrictive than their USA equivalents. This is the explanation for the rash of “cookie notices” that’s spread around the web, and it could have implications for your business.
If you need more information about PII, non-PII, and personal data, don’t hesitate to reach out. We’re here to serve you and meet your IT needs.