According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
PII is media-agnostic, so the definition applies to paper, electronic, and any other types of data. This may include information:
- Like name, social security number, address, email address, or other identifying codes or numbers that are directly tied to an individual
- Like a combination of birth date, geography, gender, race, and other descriptors that can be linked to other data elements to identify a specific individual
- That allows a person to be contacted, either physically or online
Since PII includes information from which a person’s identity can be directly or indirectly inferred, it’s important to understand the difference between direct and indirect identifiers:
- Direct identifiers – these allow a person to be identified without additional information (social security numbers, passport numbers, driver’s license numbers, bank account information, etc.)
- Indirect identifiers – these can identify a person when coupled with additional data (the last four digits of a person’s social security number, birth date, street address without the city, etc.)
What is the History of PII?
The United States first passed a federal law around the collection, storage, use, and dissemination of Personal Identifiable Information with the Privacy Act of 1974. This act specifically applied to PII maintained by federal agencies. The Privacy Act has since been amended to include:
- Protections against the disclosure of Personal Identifiable Information records without a person’s consent
- Rules that govern the collection of a person’s Social Security Number
- Prohibitions against the maintenance of records on how a person exercises their First Amendment rights
- Rights for individuals to access and request corrections on any maintained records about their identity.
PII Meaning and Significance
How one defines PII's meaning impacts how confidentiality rules and compliance with regulations apply. Since the loss of Personal Identifiable Information can cause significant harm to individuals, there are safeguards across industries to protect it. There are myriad federal laws that govern the collection, use, transmission, processing, and disclosure of PII, including:
- Health Insurance Portability and Accountability Act (HIPAA) – HIPAA creates national standards to prevent the unauthorized disclosure of sensitive patient health information.
- The Gramm-Leach-Bliley Act (GLBA) – GLBA requires financial institutions to clearly state their information-sharing practices and to protect sensitive customer data.
- Children's Online Privacy Protection Act (COPPA) – COPPA seeks to protect the privacy of children and requires parental consent before collecting or using personal information from users under the age of 13.
The meaning of Personal Identifiable Information does not extend to information that is publicly available or lawfully obtainable from local, state, or federal government records.
How Are PII Laws and Regulations Established?
While a general PII meaning is globally understood, it may be defined differently across different countries and regions as well as within different regulations. One example is the HIPAA data privacy standard, which follows a prescriptive formula in its definition of PII. The EU’s General Data Protection Regulation (GDPR), on the other hand, is a broader data protection law. GDPR uses a principles-based approach to defining Personal Identifiable Information that may differ from the definition used in HIPAA.