(Adding categories) |
No edit summary |
||
| Line 3: | Line 3: | ||
'''Sensitive PII''' is |
'''Sensitive PII''' is |
||
| − | {{Quote|[[personally identifiable information]], which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.<ref>[[ |
+ | {{Quote|[[personally identifiable information]], which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.<ref>[[Handbook for Safeguarding Sensitive Personally Identifiable Information at the Department of Homeland Security]], at 4.</ref>}} |
== Examples == |
== Examples == |
||
Revision as of 17:33, 28 April 2012
Definition
Sensitive PII is
| “ | personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.[1] | ” |
Examples
Some categories of PII are sensitive as stand-alone data elements. Examples of such Sensitive PII include: Social Security number (SSN), alien registration number (A-Number), or biometric identifier. Other data elements such as driver's license number, financial account number, citizenship or immigration status, or medical information, in conjunction with the identity of an individual (directly or indirectly inferred), are also Sensitive PII. In addition, the context of the PII may determine whether the PII is sensitive, such as a list of employee names with poor performance ratings.
Discussion
Not all PII is sensitive. For example, information on a business card or in a public phone directory is PII, but in most cases not Sensitive PII, because it is usually widely available public information.
PII that is available to the public or that resides on test and development environments is still considered Sensitive PII in certain circumstances. For example, an individual’s SSN might be available in a public record maintained by a local court; however, an individual’s SSN to be Sensitive PII because SSNs are a key identifier used in identity theft and therefore are inherently sensitive. As another example, an employee might maintain a public website identifying herself as having a certain medical condition; however, that same medical information in that employee’s personnel file would still be considered Sensitive PII.
