PII (Personally Identifiable Information)
Learn what PII (Personally Identifiable Information) is, examples of direct and sensitive identifiers, and legal protections under GDPR and CCPA. November 2025.
PII (Personally Identifiable Information): Data That Identifies an Individual
What is PII?
Personally Identifiable Information (PII) is any data that can identify a person, either alone or in combination with other data. According to U.S. standards, PII is “information that can be used to distinguish or trace an individual’s identity.” This includes obvious identifiers like name, address, email, phone number or Social Security number, as well as indirect identifiers like date of birth or IP address if they can be linked to an individual.
Examples
Direct identifiers (SSN, passport number, biometric records) uniquely identify someone; quasi-identifiers (DOB, ZIP code, race, etc.) can identify someone when combined with others. Sensitive PII (SSNs, financial account numbers, medical records) can cause harm if leaked, so it typically requires encryption and strict access controls. Non-sensitive PII (name, city) is less strictly regulated but still considered private.
Legal protections
Many privacy laws (GDPR, CCPA) classify PII as personal data that must be protected. In analytics and data warehousing, PII must be handled under data privacy policies: often encrypted at rest, masked or hashed, and accessible only to authorized roles.