Personally identifiable information (PII) is any information that could potentially identify a particular individual. PII breach involves the compromise, access and/or disclosure of personally identifiable information by unauthorized persons using either physical or electronic means.
According to NIST Special Publication 800-122, PII is ―any information about an individual maintained by an agency that
- can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and
- is linked or linkable to an individual, such as medical, educational, financial, and employment information
PII may also include other information such as personal characteristics, religion, education information, financial information, criminal record, etc.
PII can be of different sensitivity levels. Sensitive PII is information, which if lost, compromised, or disclosed by unauthorized persons, could cause substantial harm, embarrassment, inconvenience, or unfairness to the victim.