= Personally Identifiable Information =

'''Personally Identifiable Information''' ('''PII''') is any information that can uniquely identify a person. Compare to [[UnitedStates/InformationLaw/PrivateInformation|private information]] and [[UnitedStates/InformationLaw/ProtectedHealthInformation|PHI]].

----

== Definition ==

'''Personally Identifiable Information''' is any information that can be used to distinguish or trace an identity, whether alone or when used in connection with other information.

[[UnitedStates/InformationLaw/ProtectedHealthInformation|PHI]] is a subclass of PII with additional requirements and considerations.

----

== Federal Regulations ==

The [[UnitedStates/InformationLaw/PrivacyAct|Privacy Act of 1974]] established requirements for the federal government's use of PII.

The [[UnitedStates/InformationLaw/FederalInformationSecurityManagementAct|Federal Information Security Management Act of 2002]] (FISMA) identifies security controls on the use of PII.

The Office of Management and Budget (OMB) has produced guides and memoranda to further specify the requirements of these acts.

----

== Department of Defense Privacy Program ==

'''DoD 5400.11-R''' defines the Privacy Program, which controls the use of PII within the U.S. Department of Defense.

If a PII leak is discovered to have (potentially or actually) occurred, organizations must issue a report...

 * to the United States Computer Emergency Readiness Team (US-CERT) within 1 hour
 * to the Component Privacy Office within 24 hours
 * and to the Defense Privacy, Civil Liberties, and Transparency Division within 48 hours

----

== Freedom of Information Act ==

The [[UnitedStates/InformationLaw/FreedomOfInformationAct|Freedom of Information Act]] defines PII-based restrictions on freedom of information requests.

----
CategoryRicottone