What Is Personally Identifiable Information?
Privacy is all the rage these days and data privacy laws have made changes in leaps and bounds in the last several years. Most privacy laws center around the concept of “Personally Identifiable Information” or PII or personal data.
What Does Personally Identifiable Information or PII Mean?
PII is information that can identify a particular individual either when used alone or when partnered with other relevant data. “Direct identifiers” are those that can identify a person without any additional information, such as a social security number. “Quasi-identifiers” are those that require combination with one or two additional pieces of information to identify an individual, such as date of birth or zip code.
What Does This Cover?
Different laws protect different levels of PII. For example, the Colorado Consumer Protection Act defines PII only as direct identifiers (social security number, state-issued driver’s license, biometric data) or data that allows one to access PII, such as a password or passcode. California, on the other hand, includes both direct identifiers and any quasi-identifiers that are stored together, as well as information that would allow an individual to be contacted. The European Union General Data Protection Regulation (“GDPR”) is even broader than that, including “any information relating to an identifiable person” as PII.
Before knowing what your obligations are to the information you collect, it is crucial to know what information you are collecting – and why. To learn more about business law, please visit our Business Law page.
by Samantha Peaslee