The IT Law Wiki

Latest revision as of 07:29, 20 January 2014

Definitions

Sensitive personally identifiable information (PII) is

personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.[1]
PII that requires stricter handling guidelines because of the nature of the data and the increased risk to an individual if compromised, and if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.[2]
an individual's Social Security number alone; or an individual's name or address or phone number in combination with one or more of the following: date of birth, Social Security number, driver's license number or other state identification number, or a foreign country equivalent, passport number, financial account number, credit card number, or debit card number.[3]

Overview

Not all PII is sensitive. For example, information on a business card or in a public phone directory is PII, but in most cases not Sensitive PII, because it is usually widely available public information.

PII that is available to the public or that resides on test and development environments is still considered Sensitive PII in certain circumstances. For example, an individual's SSN might be available in a public record maintained by a local court; however, an individual's SSN can be Sensitive PII because SSNs are a key identifier used in identity theft and therefore are inherently sensitive. As another example, an employee might maintain a public website identifying herself as having a certain medical condition; however, that same medical information in that employee's personnel file would still be considered Sensitive PII.

Examples

Some categories of PII are sensitive as stand-alone data elements. Examples of such Sensitive PII include: Social Security number (SSN), alien registration number (A-Number), or biometric identifier. Other data elements such as driver's license number, financial account number, citizenship or immigration status, or medical information, in conjunction with the identity of an individual (directly or indirectly inferred), are also Sensitive PII. In addition, the context of the PII may determine whether the PII is sensitive, such as a list of employee names with poor performance ratings.

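References

[1] Handbook for Safeguarding Sensitive Personally Identifiable Information at the Department of Homeland Security, at 4.
[2] DHS Sensitive Systems Policy Directive 4300A, Glossary, at 104.
[3] Order to File Special Report, at 15.

See also

* Non-sensitive personal information
* Sensitive personal information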