PII and Its Many Forms

Cole PrudenPersonally Identifiable Information, Self-Hosted Auditing Software, Sensitive Data Protection

An image for PII and-its-many-forms by PII Tools

Sometimes, it feels like the goal of tech agencies and federal regulations, such as the GDPR, is to confuse us. Unless you’re used to using terms like “protected information” and “sensitive data” and seeing acronyms like PII, PCI, HIPAA, etc., this topic can seem a little daunting. So, let’s break it down and learn the exact differences between frequently used terms in the world of data privacy.

Understanding PII

To start, it’s best to be familiar with the basics. When it comes to data protection, the most commonly used term is PII (Personally Identifiable Information). Here, PII is going to function as our umbrella, a sort of catch-all phrase when discussing information used to identify a specific person. That can include anything from your first and last name, to your social security number and health records. Find out more in our article What is PII and How Does it Affect You?

Personal, Protected, and Sensitive Data

You also need to be aware of some of the other terms surrounding PII that you’ll likely come across in business and online. For instance, alongside PII you’ll often hear “personal data”. To keep you from getting the two mixed up, just remember that PII is widely accepted in the US, whereas personal data comes directly from Europe’s GDPR, and its definition is significantly broader within these regulations. 

Another term you may run into is “protected data”. In many ways, protected data is quite similar to PII, the main difference being that it’s subject to regulation under the Applicable Data Protection Law. Generally speaking, protected data deals with information explicitly protected by existing law, formal legal agreements, or contracts.

You’re also going to want to be on the lookout for the differences between personal and sensitive data. Again, “personal data” is the broader term, whereas “sensitive data” is strictly defined by the GDPR as data requiring more protection due to its sensitive nature. Examples include everything from racial or ethnic origin, to religious beliefs and even trade union memberships.

PHI, ePHI, PCI… oh my!

There are two other data types that fall under the PII umbrella, and the first is PHI (Personal Health Information). As you’d expect, PHI covers all your identifiable health information, including your medical history, insurance information, etc. Electronic PHI (ePHI) is simply PHI in digital form.. In the US, PHI is protected by HIPAA (The Health Insurance Portability and Accountability Act of 1996). In Europe, PHI falls under the famous GDPR.

The other notable data type is the PCI DSS (the Payment Card Industry Data Security Standard). When it comes to the PCI DSS, or simply PCI, it’s a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. If you run a company that accepts or processes payment cards, the PCI pertains to you.

Source: Infosec

Does Software Help?

Hopefully, these explanations have helped to clear up some of the confusion about personal data. But only understanding PII doesn’t mean you know how to discover it and protect it in your own company. That’s where automated solutions such as PII Tools come in.

When implemented by your DPO or an expert auditor, PII Tools locates and remediates all the personal and sensitive data across all your storages. With its secure self-hosted software, PII Tools offers the simplest solution for data audits and regulatory compliance. This is your one-stop shop for everything from in-house audits and data discovery, to breach management and remediation.

Everything You Need

You no longer need to feel lost in the world of data privacy. Now that you have a basic understanding of many of the terms associated with PII, you’ll be more confident in the security of your personal data and the data in your company. Expert solutions like PII Tools allow you to do the right thing with minimal effort, maintaining both regulatory compliance and (more importantly) customer trust and brand reputation.

Need Help Navigating the World of PII Protection? Schedule a FREE DEMO and Get Started Today!

A cover image for the technical whitepaper detecting person names in text by PII Tools 2

Download our AI whitepaper

Detecting Personal Names in Text