The definition of personally identifiable information (PII) varies depending on the specific country legislation.
As it pertains to GDPR, PII relates to an identified or identifiable natural person (‘data subject’) and includes a wide range of information including;
- Phone number
- Email address
- IP address
- Cryptocurrency address
Under the recent California Consumer Privacy Act (CCPA) personally identifiable information (PII) pertains to “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In these terms PII includes a wide range of information including;
- Direct identifiers such as real name, alias, address, social security numbers, driver's license, passport information and signature.
- Indirect identifiers such as cookies, pixel tags, telephone numbers, IP addresses
- Biometric data such as face, fingerprints, voice recordings
- Geolocation data such as location history via devices,
- Internet activity such as browsing history, search history, data on interaction with a webpage, application or advertisement.
Sensitive information such as personal characteristics, behavior, employment and education data, and financial information.