Personally Identifiable Information – Glossary
Aggregated Information: Information elements collated on a number of individuals, typically used for the purposes of making comparisons or identifying patterns.
Anonymized Information: Previously identifiable information that has been de-identified and for which a code or other association for re-identification no longer exists.
Confidentiality: “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Context of Use: The purpose for which PII is collected, stored, used, processed, disclosed, or disseminated.
De-identified Information: Records that have had enough PII removed or obscured such that the remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual.
Distinguishable Information: Information that can be used to identify an individual.
Harm: Any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality of PII were breached.
Linkable Information: Information about or related to an individual for which there is a possibility of logical association with other information about the individual.
Linked Information: Information about or related to an individual that is logically associated with other information about the individual.
Obscured Data: Data that has been distorted by cryptographic or other means to hide information. It is also referred to as being masked or obfuscated.
Personally Identifiable Information (PII): ―Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
PII Confidentiality Impact Level: The PII confidentiality impact level—low, moderate, or high—indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.
Privacy Impact Assessment (PIA): “An analysis of how information is handled that ensures handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; determines the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system; and examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.
System of Records: “A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
Traceable: Information that is sufficient to make a determination about a specific aspect of an individual’s activities or status.