About Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is a term used to describe the types of data under legal protection in countries with privacy laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). PII may be understood as any data that could potentially identify a specific individual, such as name, address, credit card number, and so on.
In both the GDPR and the CCPA, the definition of personal information is broad:
- All kinds of data may be regarded as PII. This means that there is no closed list of what can be considered as PII.
- The PII has to refer to a natural person, consumer, or, in California, a household. This means that the information should be somehow linked to a real individual or household.
- The natural person is identified or identifiable. This means that the information should be somehow linked to a specific person, or that the information could reasonably be linked to a specific person.
- Examples of PII include name, address, email address, phone number, social security number, bank account details, credit card number, etc.
If you decide to collect PII through your site, you have to treat this information accordingly. This varies between jurisdictions. We recommend you familiarize yourself with the regulations that apply to you and your site.
In order to process PII correctly, we encourage you to mark PII fields accurately. Once you mark something as PII, we will work to comply with all relevant data protection regulations with regard to the treatment of PII. This is also true when you mark a certain group of data fields as PII: we will treat the whole group as PII.