Personally Identifiable Information (PII), as used in information security Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent. The effective definitions vary depending on the jurisdiction, and the purposes for which the term is being used. The US government used personally identifiable in 2007 in a memorandum from the Executive Office of the President, Office of Management and Budget (OMB)[1], and that usage now appears in US standards such as the NIST The National Institute of Standards and Technology , known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is: Guide to Protecting the Confidentiality of Personally Identifiable Information. The OMB memorandum defines PII as follows:

Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

A term similar to PII, "personal data" is defined in EU directive 95/46/EC, for the purposes of the directive:[2]

Article 2a: 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Another term similar to PII, "personal information" is defined in a section of the California data breach notification law, SB1386[3]:

(e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (f) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

The concept of information combination given in the SB1386 definition is key to correctly distinguishing PII, as defined by OMB, from "personal information", as defined by SB1386. Information, such as a name, that lacks context cannot be said to be SB1386 "personal information", but it must be said to be PII as defined by OMB. For example, the name John Smith has no meaning in the current context and is therefore not SB1386 "personal information", but it is PII. A Social Security Number In the United States, a Social Security number is a nine-digit number issued to U.S. citizens, permanent residents, and temporary (working) residents under section 205(c)(2) of the Social Security Act, codified as 42 U.S.C. § 405(c)(2). The number is issued to an individual by the Social Security Administration, an independent agency of the (SSN) without a name or some other associated identity or context information is not SB1386 "personal information", but it is PII. For example, the SSN 078-05-1120 by itself is PII, but it is not SB1386 "personal information". However the combination of a valid name with the correct SSN is SB1386 "personal information".[4]

The combination of a name with a context may also be considered PII. For example if a person’s name is on a list of patients for a clinic known for treating people with a specific illness such as AIDS. However, it is not necessary for the name to be combined with a context in order for it to be PII. The reason for this distinction is that bits of information such as names, although they may not be sufficient by themselves to make an identification, may later be combined with other information to identify persons and expose them to harm.

Although the concept of PII is ancient, it has become much more important as information technology Information technology , as defined by the Information Technology Association of America (ITAA), is "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware." IT deals with the use of electronic computers and computer software to and the Internet The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite to serve billions of users worldwide. It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by a broad array of electronic and have made it easier to collect PII, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity Identity theft is a term used that is to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term dates to 1964 and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences of a person, or to plan a person's murder Murder, as defined in common law countries, is the unlawful killing of another human being with intent , and generally this state of mind distinguishes murder from other forms of unlawful homicide (such as manslaughter). As the loss of a human being inflicts enormous grief upon the individuals close to the victim, as well as the fact that the or robbery Robbery is the crime of seizing property through violence or intimidation, as opposed to stealth or fraud . At common law, robbery is defined as taking the property of another, with the intent to permanently deprive the person of that property, by means of force or fear. Precise definitions of the offence may vary between jurisdictions. Robbery, among other crimes. As a response to these threats, many web site privacy policies A privacy policy is a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer's data. The exact contents of a privacy policy will depend upon the applicable law and may need to address the requirements of multiple countries or jurisdictions. While there is no universal guidance for the content specifically address the collection of PII, and lawmakers have enacted a series of legislation to limit the distribution and accessibility of PII. However, according to the OMB, it is not always the case that PII is "sensitive", and context may be taken into account in deciding whether certain PII is or is not sensitive.[5]

Contents

Show All>>

 

The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a.
Some facts may not have been fully verified for accuracy. [Disclaimers Wikipedia is an online open-content collaborative encyclopedia, that is, a voluntary association of individuals and groups working to develop a common resource of human knowledge. The structure of the project allows anyone with an Internet connection to alter its content. Please be advised that nothing found here has necessarily been reviewed by]
This page was last archived by our server on Wed Mar 3 20:04:44 2010. [ refresh local cache ]
Displaying this page or its contents does not use any Wikimedia Foundation's resources.
The owners of this site proudly support the Wikimedia Foundation.

[Hide]▼
'Personally Identifiable Information' News
Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective ... - CNNMoney.com (press release)
news.google.com
Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective ...

CNNMoney.com (press release)

... theft of customer credit card information or other financial information, and theft of customer personally identifiable information . ...

89 percent of companies the victim of a cyber attack in 2009 Dynamic Business

Who lost business to cyber-weaknesses? Everybody, according to survey San Francisco Chronicle (blog)

Hack attack - rising risk for business Sydney Morning Herald

SC Magazine UK  - SC Magazine US

all 134 news articles »
Google News Search: Personally identifiable information,
Thu Mar 4 01:43:50 2010
'Personally Identifiable Information' Images
baby2 bmp
ilookbothways.com
baby2 bmp
334px x 455px | 446.30kB

[source page]

meet the parents at the hospital or clinic or befriend them in some way to learn more about the family When you click the parent s registry number you get even more detail as shown below As you dig deeper you get such information as the baby s gender grandparents names and of course what gifts have been requested and bought

Yahoo Images Search: Personally identifiable information,
Mon Feb 15 20:12:38 2010
[Hide]▲