|
Size: 1288
Comment:
|
← Revision 12 as of 2025-02-06 21:07:55 ⇥
Size: 1911
Comment: Typo
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
'''Personally Identifiable Information''' ('''PII''') is any information that can uniquely identify a person. Compare to [[UnitedStates/InformationLaw/PrivateInformation|private information]] and [[UnitedStates/InformationLaw/ProtectedHealthInformation|PHI]]. |
|
| Line 11: | Line 15: |
| Any information that can be used to distringuish or trace an identity, whether alone or when used in connection with other information. | '''Personally Identifiable Information''' is any information that can be used to distinguish or trace an identity, whether alone or when used in connection with other information. |
| Line 19: | Line 23: |
| == Privacy Act == | == Federal Regulations == |
| Line 21: | Line 25: |
| The '''Privacy Act of 1974''' established requirements for the federal government's use of PII. Agencies can and have been held legally and financially liable for leads of PII. | The [[UnitedStates/InformationLaw/PrivacyAct|Privacy Act of 1974]] established requirements for the federal government's use of PII. |
| Line 23: | Line 27: |
| ---- == FISMA == The [[UnitedStates/InformationLaw/FederalInformationSecurityManagementAct|Federal Information Security Management Act]] ('''FISMA''') identifies security controls on the use of PII. The Office of Management and Budget (OMB) has produced guides and memoranda to further specify the requirements of these acts. |
The [[UnitedStates/InformationLaw/FederalInformationSecurityManagementAct|Federal Information Security Management Act of 2002]] (FISMA) identifies security controls on the use of PII. The Office of Management and Budget (OMB) has produced guides and memoranda to further specify the requirements of these acts. |
| Line 39: | Line 37: |
| If a PII leak is discovered to have (potentially or actually) occurred, organizations must issue a report... * to the United States Computer Emergency Readiness Team (US-CERT) in 1 hour * to Component Privacy Office in 24 hours * and to the Defense Privacy, Civil Liberties, and Transparency Division in 48 hours |
|
| Line 45: | Line 49: |
| The '''Freedom of Information Act''' defines PII-based restrictions on freedom of information requests. | The [[UnitedStates/InformationLaw/FreedomOfInformationAct|Freedom of Information Act]] defines PII-based restrictions on freedom of information requests. |
Personally Identifiable Information
Personally Identifiable Information (PII) is any information that can uniquely identify a person.
Compare to private information and PHI.
Contents
Definition
Personally Identifiable Information is any information that can be used to distinguish or trace an identity, whether alone or when used in connection with other information.
PHI is a subclass of PII with additional requirements and considerations.
Federal Regulations
The Privacy Act of 1974 established requirements for the federal government's use of PII.
The Federal Information Security Management Act of 2002 (FISMA) identifies security controls on the use of PII. The Office of Management and Budget (OMB) has produced guides and memoranda to further specify the requirements of these acts.
Department of Defense Privacy Program
DoD 5400.11-R defines the Privacy Program which controls the use of PII within the U.S. Department of Defense.
If a PII leak is discovered to have (potentially or actually) occurred, organizations must issue a report...
- to the United States Computer Emergency Readiness Team (US-CERT) in 1 hour
- to Component Privacy Office in 24 hours
- and to the Defense Privacy, Civil Liberties, and Transparency Division in 48 hours
Freedom of Information Act
The Freedom of Information Act defines PII-based restrictions on freedom of information requests.