PIIPersonally Identifiable Information (PII) is a category of sensitive information that is associated with an individual person, hence, it should be accessed only on a strictly need-to-know basis and handled and stored with care.

PII is information that can be used to uniquely identify, contact, or locate a single person. Personal information that is “de-identified” (maintained in a way that does not allow association with a specific person) is not considered sensitive. For instance, social security numbers are considered a type of PII, the legal requirements for protecting them are much more stringent than for other PII.

Policies, contractual obligations, and information security laws and regulations require appropriate protection of PII that is not publicly available. These regulations apply to PII stored or transmitted via any type of media: electronic, paper, microfiche, and even verbal communication.

PII does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (Source: University of Michigan)