Personally identifiable information (PII)

What is personally identifiable information (PII)?

Personally identifiable information (PII) is an American legal term for any data that could identify a specific individual.

PII may include the following:

  • Full name
  • Home address
  • Email address
  • Social security number
  • Device identifiers
  • Email addresses
  • Passport number
  • Driver’s license number
  • Credit card number
  • Date of birth
  • Telephone number
  • Owned properties, e.g., vehicle identification number (VIN)
  • Login details
  • Processor or device serial number
  • Media access control (MAC)
  • Internet Protocol (IP) address
  • Device IDs
  • Cookies

US government agencies and non-governmental organizations often reference PII. The US lacks an overriding law covering PII in all 50 states, so your understanding of PII may differ depending on the state or sector you operate in. A standard definition is provided by the National Institute of Standards and Technology (NIST):

PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

You may also like:


  • EU-US data transfers uncertainties: How an EU-based analytics platform can improve your marketing performance

    European digital marketers are facing unprecedented levels of disruption. Increasing regulatory scrutiny and growing doubts about the legality of EU-US data transfers demand an urgent reassessment of your tech stack. In the very near future, relying on US-based analytics and consent platforms will expose your organization to operational, legal, and financial risks that can no…

  • HIPAA, marketing and advertising: How to run compliant campaigns in healthcare

    Healthcare organizations deal with tons of sensitive information concerning people’s health. It needs to be handled with proper care. In the US, safe parameters for using this kind of data in different contexts, including marketing, are set by HIPAA. Unfortunately, many companies are still unaware of the provisions of the law and the potential consequences…