No, Identify if a PIA is required: Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. See NISTIR 7298 Rev.

What is Individually Identifiable Health Information?

PDF Cyber Awareness Challenge 2022 Information Security

Why Do Brokers Ask Investors for Personal Information?

from D. A new system is being purchased to store PII.

Misuse of PII can result in legal liability of the organization. Civil penalties

Personally Identifiable Information (PII) is information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. In some cases, it may be shared with the individual.

What are examples of personally identifiable information that should be protected? A. from ", Federal Trade Commission.

A data breach is an unauthorized access and retrieval of sensitive information by an individual, group, or software system.

This training starts with an overview of Personally Identifiable Information (PII), and protected health information (PHI), a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI.

Is this compliant with PII safeguarding procedures?
1 Hour

In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available, in any medium and from any source, that, when combined with other available information, could be used to identify an individual.

An app is a software application used on mobile devices and websites.

Companies that share data about their clients normally use anonymization techniques to encrypt and obfuscate the PII, so it is received in a non-personally identifiable form. In the European Union (EU), the definition expands to include quasi-identifiers as outlined in the General Data Protection Regulation (GDPR) that went into effect in May 2018.

PII and similar terms exist in the legislation of many countries and territories:

According to the NIST PII Guide, the following items definitely qualify as PII, because they can unequivocally identify a human being: full name (if not common), face, home address, email, ID number, passport number, vehicle plate number, driver's license, fingerprints or handwriting, credit card number, digital identity, date of birth, birthplace, genetic information, phone number, login name or screen name.

Is this a permitted use?

That said, many larger companies are beginning to see protecting PII and complying with privacy regulations as a full-time job, held by someone referred to as a Digital Privacy Officer or a similar title.

NIST SP 800-37 Rev.

What is PII?

The Personal Information Protection and Electronic Documents Act regulates the use of personal information for commercial use.