Sensitive data and personal information come in many shapes and sizes. And with so many different regulations around the globe, it’s easy to confuse one with another. These are the basics of PII and every form you’ll find it in. Let’s get into it.
Understanding PII
The world of sensitive data protection has its own terminology you’ll need to be familiar with. You can think of Personally Identifiable Information, or PII, as our umbrella, a sort of catch-all term when discussing information that could be used to identify a specific person. Here are a few basic examples:
- First or last names,
- Personal identification numbers (SSN, passport number, driver’s license number, etc.),
- Health records,
- Phone numbers and addresses, and
- Personal characteristics (distinct facial features, fingerprints, handwriting, etc.).
In other words, all forms of potentially sensitive data and private information are considered PII. But if you’re interested in the full list or even a more hands-on experience with PII in the real world, you can download examples from our article PII Examples, all completely free.
Personal, Protected, & Sensitive Data
Personal Data
PII may be the catch-all phrase within this sphere, but it also appears in more specialized forms.
For instance, alongside PII, you’ll often hear ‘personal data’. To keep you from getting the two mixed up, just remember that PII is widely accepted in the US, whereas personal data comes directly from Europe’s GDPR, and its definition is significantly broader within this regulation.
Protected Data
Another term you may run into is ‘protected data’. PII and protected data are often used interchangeably (understandably so, considering all PII should be protected); however, UC Berkley defines protected data as: A general term for information that wouldn't be considered public, or that needs to be protected for any reason.
When you hear the term ‘protected data’, you can safely assume you’re dealing with information explicitly protected by existing law, formal legal agreements, or contracts.
Sensitive Data
Finally, we have the difference between PII and ‘sensitive data’. Where PII is a more generalized term, sensitive data (sometimes referred to as ‘sensitive personal data’) is strictly defined by the GDPR as data requiring more protection due to its sensitive nature.
Examples include racial or ethnic origin, sexual orientation, religious beliefs, and even trade union memberships.
PHI, ePHI, & PCI
Two other data types fall under the PII umbrella, and the first is PHI (Personal Health Information). As you’d expect, PHI covers a data subject’s identifiable health information:
- Medical history,
- Insurance information,
- Test results,
- Biometric identifiers, and more.
The second is then ePHI, which simply stands for ‘Electronic PHI’. In other words, PHI in digital form. In the US, PHI is protected by HIPAA (The Health Insurance Portability and Accountability Act of 1996). In Europe, PHI is also defined and protected under the GDPR.
Source: Infosec
PCI DSS
The final notable sub-form of PII is data protected by the PCI DSS (the Payment Card Industry Data Security Standard). Often shortened to just ‘PCI’, this data safety regulation ensures all companies that process, store, or transmit credit card information maintain a secure environment.
Just think of Visa and Mastercard. If a company accepts or processes payment cards in any way, it must adhere to the PCI to both protect users’ payment information and their PII connected to it.
PII Scanner
We now have a basic understanding of PII and its various forms. But that’s only the first step for any business. The harder part is locating PII stored within the corporate environment and ensuring its regulatory compliance.
The best way to discover, analyze, and remediate PII across all digital assets is to deploy a PII Scanner.
The PII Tools software is an automated PII Scanner that locates and remediates all the personal and sensitive data across a company’s storages. With its secure self-hosted software, PII Tools offers the simplest solution for data audits and regulatory compliance.
It even offers modern solutions like Person Cards®, which automatically link up all forms of PII on a specific individual, rolling them into an exportable report card, and the all-new AI Data Protector, allowing users to scan files for PII BEFORE feeding them to third-party AI models.
Everything You Need
Now armed with a basic understanding of PII and its various forms, you can feel more confident in securing the personal data and sensitive information in your company.
And PII Tools only makes protecting PII and achieving regulatory compliance easier, with full automation features. Your clients and users will thank you for it, and your brand reputation will rise like never before!
Need Help Navigating the World of PII Protection? Discover PII Tools and Start Scanning Today!
