PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.
For SUNY Potsdam employees, safeguarding sensitive information is a critical responsibility that must always be taken seriously. It is the responsibility of the individual user to protect data to which they have access. The loss of PII can result in substantial harm to individuals, including identity theft or other
fraudulent use of the information.
PII can be divided into two categories: linked and linkable information.
Linked information is more direct. It could include any personal detail that can be used to identify an individual, for instance:
- Full name
- Home address
- Email address
- Social security number
- Passport number
- Driver’s license number
- Credit card numbers
- Date of birth
- Telephone number
- Owned properties e.g. vehicle identification number (VIN)
- Login details
- Processor or device serial number
- Media access control (MAC address)
- Internet Protocol (IP) address
- Device IDs
Linkable information is indirect and on its own may not be able to identify a person, but when combined with another piece of information could identify, trace or locate a person.
Here are some examples of linkable information:
- First or last name (if common)
- Country, state, city, zip code
- Non-specific age (e.g. 30-40 instead of 30)
- Job position and workplace