Personally Identifiable Information (PII)

What is PII?

Personal Identity Information, or PII, is a specific category of particularly sensitive data defined as:

Unencrypted electronic information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following:

  • Social Security number (SSN).
  • Drivers license number or State-issued Identification Card number.
  • Financial account number, credit card number*, or debit card number in combination with any required security code, access code, or password such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
  • Medical information (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional)
  • Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records)

PII is sometimes called "notice-triggering data" because State of California Information Practices Act of 1977 (Civil Code Section 1798 et seq.) requires that Personal Identity Information (PII) is appropriately protected and that affected individuals must be notified of any reasonable suspicion of a compromise of that protection. The University is responsible for complying with these legal requirements and for providing employees with information about requirements and responsibilities relating to PII.

*Credit card information is also regulated by the Payment Card Industry (PCI) Data Security Standard.