Non-sensitive PII + Sensitive PII = Sensitive PII

Non-sensitive PII refers to any information that is publicly available.  If any of the information is combined with sensitive PII, then it would become sensitive PII.  Some Examples of Non-sensitive PII are:

  • Work phone #
  • Work fax #
  • Work email address
  • Work location

Sensitive PII is personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.  A person’s name in combination with any one of the following:

  • Email Address
  • Home telephone number
  • Place of birth
  • Date of birth
  • Driver’s license number
  • Mother’s maiden name
  • Passport number
  • Financial, medical, or criminal records
  • Biometrics (such as DNA, iris scan, fingerprints)
  • Financial/bank account numbers
  • Personal or government account credit or debit card number
  • Employment information to include ratings, disciplinary actions, performance elements and standards.

Non-Sensitive PII together combined with Sensitive PII = Sensitive PII

Tips for handling PII:

Protect:

Everyone has the responsibility to protect “PII in any form (physical or electronic, sensitive or non-sensitive) from unauthorized disclosure, modification, or destruction in order to ensure its confidentiality, integrity, and availability.”

Destroy:

PII that is no longer needed should be destroyed in order to reduce risk to your organization (follow record retention schedules).

Disclosure:

You should only share sensitive personal information to authorized individuals. If you have doubts about sharing sensitive data, consult with your supervisor or Privacy Manager.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.