Employee Privacy

From OSHKY Knowledge Library

Personally Identifiable Information (PII)

PII is any information about an individual maintained by an agency, including:

  • any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and
  • any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Protected/Sensitive PII

PII whose disclosure could result in harm to the individual whose name or identity is linked to that information. Examples include, but are not limited to, SSN; credit card number; bank account number; residential address; residential or personal telephone; biometric identifier (image, fingerprint, iris, etc.); date of birth; place of birth; mother’s maiden name; criminal records; medical records; and financial records. The conjunction of one data element with one or more additional elements increases the level of sensitivity and/or propensity to cause harm in the event of compromise.

Non-Sensitive PII

PII whose disclosure cannot reasonably be expected to result in personal harm. Examples include first/last name; e-mail address; business address; business telephone; and general education credentials that are not linked to or associated with any protected PII.