What determines sensitive data from non-sensitive data?

Asked by Heather Davis on Fri 7/1/16 10:33 AM
Sign In to leave feedback or contribute an answer

Answer (1)

This answer has been marked as the accepted answer
Heather DavisFri 7/1/16 10:35 AMLast edited Wed 2/28/18 10:28 AM

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.  Examples include name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

The following data, often used for the express purpose of distinguishing individual identity, clearly classify as PII under the definition used by the National Institute of Standards and Technology:[11]

The following are less often used to distinguish individual identity, because they are traits shared by many people. However, they are potentially PII, because they may be combined with other personal information to identify an individual.

  • First or last name, if common
  • Country, state, postcode or city of residence
  • Age, especially if non-specific
  • Gender or race
  • Name of the school they attend or workplace
  • Grades, salary, or job position
  • Criminal record
  • Web cookie[12]

Credit card numbers and social security numbers are automatically considered sensitive data and should be stored securely (X-drive). If a significant combination of PII are stored within a file, the file may be considered sensitive. 

For more information, refer to this Wikipedia article on PII: https://en.wikipedia.org/wiki/Personally_identifiable_information

TWU IRB Guidance on Data Management and Integrity in Human Research may be helpful for anyone at TWU who stores data with personally identifiable information, FERPA-related data, and/or HIPAA-related information. 

No feedback