Non-sensitive PII refers to any information that is publicly available. If any of the information is combined with sensitive PII, then it would become sensitive PII. Some Examples of Non-sensitive PII are:
- Work phone #
- Work fax #
- Work email address
- Work location
Sensitive PII is personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. A person’s name in combination with any one of the following:
- Email Address
- Home telephone number
- Place of birth
- Date of birth
- Driver’s license number
- Mother’s maiden name
- Passport number
- Financial, medical, or criminal records
- Biometrics (such as DNA, iris scan, fingerprints)
- Financial/bank account numbers
- Personal or government account credit or debit card number
- Employment information to include ratings, disciplinary actions, performance elements and standards.
Non-Sensitive PII together combined with Sensitive PII = Sensitive PII
Tips for handling PII:
Everyone has the responsibility to protect “PII in any form (physical or electronic, sensitive or non-sensitive) from unauthorized disclosure, modification, or destruction in order to ensure its confidentiality, integrity, and availability.”
PII that is no longer needed should be destroyed in order to reduce risk to your organization (follow record retention schedules).
You should only share sensitive personal information to authorized individuals. If you have doubts about sharing sensitive data, consult with your supervisor or Privacy Manager.