Skip to main content
waffle.svg
Domo Knowledge Base

What Constitutes PII?

Version 4

 

Personally Identifiable Information (PII) is defined as “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual” [1]. It is important to understand that data that is not considered PII may become PII when combined with other data. For example, while a ZIP code may not be thought of as PII, when combined with a date of birth, these two values can uniquely identify 87% of the US population [2].

There are very strict international and state laws governing the protection of PII. As such, Domo cannot provide privacy legal advice to our customers. A best practice is to simply avoid any field that is considered PII or any field that could become PII when combined with other data.

The following fields are considered PII, but this should not be considered to be a comprehensive list of all PII fields:

  • Name of the individual

  • Maiden name of the individual’s mother

  • Address (which includes all geographic subdivisions smaller than a state, including street address, city, county, and ZIP code)

  • All elements (except years) of dates related to an individual, including birth and death date, and any date related to healthcare treatment.

  • Exact age, if the individual is over 89

  • Telephone and fax numbers

  • Email address

  • Social Security Number

  • Medical record and health plan beneficiary numbers

  • Account number

  • Certificate or license number

  • Any vehicle identification number (VIN), license plate, driver’s license, or other identifier

  • Web URL and IP address

  • Fingerprint or voice print

  • Photographic image

  • Electronic signature

  • Any other uniquely identifying characteristic or code


[1] OMB Memorandum M-10-23 (Guidance for Agency Use of Third-Party Websites and Applications, June 25, 2010)

[2] L. Sweeney, Simple Demographics Often Identify People Uniquely. Carnegie Mellon University, Data Privacy Working Paper 3. Pittsburgh 2000.