What is PII?

As a refresher, PII (Personally Identifiable Information) is any information that can be used to identify, contact, or locate an individual person. According to NIST (the National Institute of Standards and Technology), the following categories of data are considered PII:

Name: An individual’s full name, maiden name, alias, or mother’s maiden name.

ID number: Social Security, passport, driver’s license, tax ID or credit card number.

Address: Email or physical mailing address.

Characteristics: Photographs, fingerprints, signature or handwriting, and other biometric data such as voice signature or facial geometry.

Linkable data: Other indirect data that links a person to one of the above categories, like employment information, medical history, date of birth, or financial information.

Besides knowing the different sorts of data that can be considered PII, you also have to keep in mind the distinction between the two types of PII, i.e. whether it’s Sensitive PII or Non-Sensitive PII.

Sensitive PII vs Non-Sensitive PII

Sensitive PII (SPII) is a subset of PII that requires additional levels of security control. Data that is not easily found in public sources, such as a person’s SSN, medical information, or driver’s license number, is considered SPII. Financial and medical information in general are also considered SPII.

On the opposite end of the spectrum, there’s Non-Sensitive PII, which is information that can be linked to an individual, but is easily accessible via public records like phone books, directories, or internet resources. Things like a person’s zip code, date of birth, or mailing address would be considered Non-Sensitive PII.

For a more comprehensive look at PII, check out the articles listed in our PII Overview.

What to Know About Sharing PII

In general, you want to avoid sending PII as much as possible. Only send the minimum amount of information necessary to achieve your objective. Obviously, in the financial industry, this is going to include a significant amount of PII, both sensitive and non-sensitive, but keep it to a minimum whenever you can.

When sending documents, there are ways you can safeguard information using Mimecast and Adobe Acrobat. For more information, check out this article: PII and Sending Documents Securely.

Whenever you’re working with PII in print form, be sure to keep it under lock and key and at the office. Never store physical copies of confidential client information at home. Check out Keeping PII Safe Offline for more information.

Keep in mind the type of PII you are dealing with. Whether it’s sensitive data or not determines what you should and shouldn’t do with it:

Sensitive Data

  • Only send via secure methods, like Mimecast’s Secure Messaging.
  • Create email policies to delete sensitive data after a certain amount of time.
  • Always store documents containing sensitive data with password protection in place.

Non-Sensitive Data

  • Okay to send via less secure methods, like regular email or fax.
  • Okay to keep this information indefinitely.
  • Password protection isn’t required, but is still highly recommended.